Published On: Thu, Aug 6th, 2020

Twitter says Android confidence bug gave entrance to approach messages

Twitter says a confidence bug might have unprotected a private approach messages of a Android app users, though pronounced that there was no justification that a disadvantage was ever exploited.

The bug could have authorised a antagonistic Android app using on a same device to siphon off a user’s approach messages stored in a Twitter app by bypassing Android’s built-in information permissions. But, Twitter pronounced that a bug, patched in Oct 2018, usually worked on Android 8 (Oreo) and Android 9 (Pie), and has given been fixed.

A Twitter orator told TechCrunch that a bug was reported by a confidence researcher “a few weeks ago” by HackerOne, that Twitter uses for a bug annuity program.

“Since then, we have been operative to keep accounts secure,” pronounced a spokesperson. “Now that a emanate has been fixed, we’re vouchsafing people know.” Twitter pronounced it waited to let a users know in sequence to forestall someone from training about a emanate and holding advantage of it before it was fixed.

The notice sent to influenced Twitter users. Image Credits: TechCrunch

Twitter pronounced a immeasurable infancy of users had updated their Twitter for Android app and were no longer vulnerable. But a association pronounced about 4% of users are still using an aged and exposed chronicle of a app, and users will be told to refurbish a app as shortly as possible.

Many users began seeing in-app pop-ups notifying them of a issue.

News of a confidence emanate comes only weeks after a association was strike by a hacker, who gained entrance to an inner “admin” tool, that along with dual other accomplices hijacked high-profile Twitter accounts to widespread a cryptocurrency fraud that betrothed to “double your money.” The penetrate and successive fraud netted over $100,000 in scammed funds.

The Justice Department charged 3 people — including one teen — allegedly obliged for a incident.

Decrypted: How a teen hacked Twitter, Garmin’s ransomware aftermath

About the Author