Authorization

Twitter says Android security bug gave access to direct messages

Twitter says a security bug may have exposed the private direct messages of its Android app users, but said that there was no evidence that the vulnerability was ever exploited.
The bug could have allowed a malicious Android app running on the same device to siphon off a user’s direct messages stored in the Twitter app by bypassing Android’s in-built data permissions. But, Twitter said that the bug only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed.
A Twitter spokesperson told TechCrunch that the bug was reported by a security researcher “a few weeks ago” through HackerOne, which Twitter uses for its bug bounty program.
“Since then, we have been working to keep accounts secure,” said the spokesperson. “Now that the issue has been fixed, we’re letting people know.” Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.
Twitter says Android security bug gave access to direct messages
The notice sent to affected Twitter users. (Image: TechCrunch)
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Сентябрь 2020    »
ПнВтСрЧтПтСбВс
 123456
78910111213
14151617181920
21222324252627
282930