Twitter has re-enabled the TweetDeck application after taking it down following successful exploitation of a cross-site scripting issue.
TweetDeck is a popular social media dashboard application used for managing Twitter accounts. Earlier in the day, Twitter advised TweetDeck users that it had fixed a security issue and told them to log out and log back in to fully apply an update. An hour after that, however, Twitter disabled the application, before re-enabling it an hour later.
At the center of the situation was a bug that enabled cross-site scripting attacks, researchers said.
“This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet,” Trey Ford, Global Security Strategist at Rapid7, explained in a statement. “The current attack we’re seeing is a worm that self-replicates by creating malicious tweets. It looks like this primarily affects users of the TweetDeck plugin for Google Chrome.”
“This worm hearkens back to the MySpace ‘Samy Worm’ in 2006, except for one key step: this worm does not appear to have the ability to force your account to follow the attacker,” he said.
Taking a quick look at Twitter shows lots of attempts to exploit this flaw still flying around, even though Twitter has now patched the issue, noted Chester Wisniewski, senior security advisor at Sophos.
“People have suggested this was not malicious, but I disagree,” he argued. “Creating a network worm even if only being used to spread a warning message is still malicious activity no matter how you cut it.”
The vulnerability caused a stir among TweetDeck users. In a short period of time, the issue was exploited to cause tens of thousands of users to retweet a single message.
“Cross site scripting attacks aren’t new and represent just one of the many vulnerabilities application developers need to consider when building an app like TweetDeck,” Krishna Narayanaswamy, chief scientist at Netskope, told SecurityWeek. “What’s especially dangerous here though is the nature of social media is to share — good or bad, it’s designed to spread something far and wide. Just as Twitter has jumped to action to ensure they’re leveraging validation checks and other best practices, so should every app provider, especially those with mass appeal like this.”
“The guidance from TweetDeck is simple and correct – log out, and log back in,” said Ford. “One of the most common and useful XSS attacks is used to steal the user’s session, effectively enabling an attacker to log in as you. Logging out will eliminate that threat.”
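The defect Ford describes above, a tweet rendered as code, as an added example that is not TweetDeck's or Twitter's code: a JavaScript renderer in its vulnerable form beside a hardened form that escapes tweet text while still linkifying mentions and hashtags, plus a regression check a dashboard could keep in its test suite. The tweet object shape and the sample tweet are assumptions constructed for this example.

```javascript
// Added example (not TweetDeck's or Twitter's code): a dashboard that builds
// tweet markup, in the form that renders a tweet "as code" and the hardened form.
// Tweet objects and the sample tweet are constructed for this example.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open a tag, attribute or entity.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable path: raw tweet text is concatenated into markup, so a tag
// inside the tweet becomes live HTML and runs for anyone who views it.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><a href="/${tweet.user}">@${tweet.user}</a>: ${tweet.text}</div>`;
}

// Hardened path: tokenise the raw text so that @mentions and #hashtags are
// linkified, and escape every fragment of untrusted text before it is
// placed into element content or an attribute value.
function renderText(text) {
  const token = /@([A-Za-z0-9_]{1,15})|#([A-Za-z0-9_]+)/g;
  let out = '', last = 0, m;
  while ((m = token.exec(text)) !== null) {
    out += escapeHtml(text.slice(last, m.index));
    const name = escapeHtml(m[1] !== undefined ? m[1] : m[2]);
    out += m[1] !== undefined
      ? `<a href="/${name}">@${name}</a>`
      : `<a href="/hashtag/${name}">#${name}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

function renderTweetSafe(tweet) {
  const user = escapeHtml(tweet.user);
  return `<div class="tweet"><a href="/${user}">@${user}</a>: ${renderText(tweet.text)}</div>`;
}

// Regression check for the renderer: after removing the tags the template
// itself emits, no other tag may remain in the output.
const TEMPLATE_TAGS = /<\/?(?:div|a)(?:\s+(?:class|href)="[^"<>]*")*>/g;
function hasUnexpectedMarkup(html) {
  return /<[^>]*>/.test(html.replace(TEMPLATE_TAGS, ''));
}

// Constructed sample: a tweet carrying an inert script tag.
const sample = { user: 'alice', text: 'Hi @bob #tweetdeck <script>x()</script>' };
console.log(hasUnexpectedMarkup(renderTweetUnsafe(sample))); // true
console.log(hasUnexpectedMarkup(renderTweetSafe(sample)));   // false
```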