Twitter Fixes Serious Security Glitch In Android App

Twitter has urged Android users to update to the latest version of its app after finding a serious security flaw that could allow an attacker to commandeer an account and view private information.

The bug could allow a hacker to send tweets or direct messages from a user’s account and to view information including direct messages, protected tweets and location information, the company said.

But the firm said viewing such data would require “a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app”.

The company said it didn’t have evidence that malicious code had been inserted into the app or that the vulnerability had been exploited.

‘Extra caution’

“But we can’t be completely sure so we are taking extra caution,” the firm said in an advisory.

Twitter said it was directly notifying people who could have been exposed to the vulnerability either through the app or by email with specific instructions on how to mitigate the bug, which vary depending on what versions of Android and Twitter are being used.

“If you are unsure about what to do, update to the latest version of Twitter for Android,” the company said.

The firm’s technical support team said on Twitter that the problem was fixed in version 7.93.4, released on 4 November 2019 for KitKat, and in version 8.18, released on 21 October 2019 for Lollipop and newer.

The app is no longer supported on Android versions previous to KitKat, the firm tweeted.

The issue doesn’t affect the iOS version of the app.

Disinformation campaign

“We’re sorry this happened and will keep working to keep your information secure on Twitter,” the company said.

Twitter also said on Friday it had removed 5,929 accounts connected to a “significant state-backed” disinformation campaign originating in Saudi Arabia.

“These accounts represent the core portion of a larger network of more than 88,000 accounts engaged in spammy behaviour across a wide range of topics,” the company said in a blog post.

“We have permanently suspended all of these accounts from the service.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Shareholders Vote On Chinese App Removal Policies

Apple's policy to obey Chinese government orders to remove certain apps from its App Store in China is facing a…

11 hours ago

Google To Spend Billions On US Data Centres

Alphabet CEO Sundar Pichai confirms plan to spend $10 billion in 2020 on Google data centres and offices across the…

12 hours ago

NTSB Slams Tesla’s Autopilot Safeguard, Blames Regulator Oversight

Tesla and US safety regulators criticised over a lack of safeguards in a fatal 2018 Autopilot crash by US National…

13 hours ago

AI and Public Standards

As the Committee on Standards in Public Life release their awaited report considering AI and its impact on the delivery…

15 hours ago

US Supreme Court Rejects Apple Appeal Against VirnetX

Bad news for Apple, as the US Supreme Court rejects iPad maker's appeal against a $440m patent infringement financial penalty

17 hours ago

Met Boss: Facial Recognition Less Concerning Than Knife In Chest

The United Kingdom's most senior police officer Cressida Dick has strongly defended the use of facial recognition by police forces

19 hours ago