Tweetdeck cross scripting vulnerability found; Twitter rushes fix
MacNN Staff
Jun 11, 2014, 03:54 PM
A cross-site scripting (XSS) attack was discovered in Tweetdeck earlier today, causing a wave of commotion on the Internet as small pop-ups appeared in browsers. Tweetdeck had not been stripping JavaScript code from tweets, allowing a chunk of code to force the pop-ups. While no data has been reported as stolen as a result of the vulnerability, leaving it open for too long could have resulted in the hijacking of accounts.

Tweetdeck, a Twitter client that Twitter purchased in 2011, allows for the management of multiple accounts, columns of information and scheduled tweets in a single solution. Twitter has had some hiccups since picking up the program, including another XSS vulnerability that was found shortly after the purchase.

Today's scripting attack affected the web client version of Tweetdeck, but Twitter issued a quick fix once the company was alerted to the problem. This first fix, which would apply after a user logged out and back in, didn't appear to completely fix the problem. Twitter then turned to the complete takedown of all versions.

Within the course of two hours, Twitter had pulled down and patched the vulnerability in Tweetdeck. During the downtime in the service, Twitter took the time to check to see if the fix put an end to the issue. According to a statement on Twitter, it has been successful.

During the time before the patch, the vulnerability has been confirmed from several sources as occurring in Chrome on both OS X and Windows machines. Some reports from Twitter say that the Mac standalone client wasn't affected, but the Windows version saw pop-ups.

Twitter now says that the vulnerability has been patched. It is suggested that Tweetdeck users log out and back in to ensure the application updates to the most recent version.

( Last edited by NewsPoster; Jun 12, 2014 at 05:42 AM. )