    Twitter says Android security bug gave access to direct messages

    Twitter says a security bug may have exposed the private direct messages of its Android app users, but said that there was no evidence that the vulnerability was ever exploited.

    The bug could have allowed a malicious Android app running on the same device to siphon off a user’s direct messages stored in the Twitter app by bypassing Android’s built-in data permissions. But Twitter said that the bug only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed.

    A Twitter spokesperson told TechCrunch that the bug was reported by a security researcher “a number of weeks ago” via HackerOne, which Twitter uses for its bug bounty program.

    “Since then, we have been working to keep accounts protected,” said the spokesperson. “Now that the issue has been fixed, we’re letting people know.” Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.

    The notice sent to affected Twitter users. (Image: TechCrunch)

    Twitter said the vast majority of users had updated their Twitter for Android app and were no longer vulnerable. But the company said about 4% of users are still running an outdated and vulnerable version of its app, and those users will be notified to update the app as soon as possible.

    Many users began noticing in-app pop-ups notifying them of the issue.

    News of the security issue comes just weeks after the company was hit by a hacker, who gained access to an internal “admin” tool and, along with two accomplices, hijacked high-profile Twitter accounts to spread a cryptocurrency scam that promised to “double your income.” The hack and subsequent fraud netted more than $100,000 in ripped-off funds.

    The Justice Department charged three people, including one minor, allegedly responsible for the incident.