XSS vulnerability in TweetDeck gets a fix



Twitter has patched a security flaw in TweetDeck, a cross-site scripting (XSS) vulnerability which allowed an attacker to remotely execute JavaScript code.


And when the vulnerability came to light yesterday, it was certainly used: many thousands of users were treated to comedy pop-up messages and forced retweets of the bug. Indeed, there were some 83,000 retweets of the script according to ZDNet, which hit some pretty major Twitter accounts like the New York Times and BBC Breaking News. At first it was thought that the vulnerability was just in the TweetDeck Chrome plugin, but then reports came in of users being affected on IE, Firefox, and the Windows app.

Apparently, the hacker who discovered the flaw told CNN that he informed Twitter about it immediately. However, he also tweeted about his playing around with the bug; others saw this and the news quickly spread like wildfire, leading to the many exploits occurring before Twitter could yank the service down.

Yesterday, on the TweetDeck account, Twitter initially informed users: "A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix."

However, it seems the fix didn't work – or folks didn't follow that advice – and the exploit continued to spread, which led to Twitter taking the service down for a while: "We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up."

An hour later, the social network tweeted: "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."


And this time, the flaw was patched up. While it was certainly an embarrassing and large-scale incident, by all accounts it doesn't seem like any real damage was done, and the exploits leveraged were apparently mostly harmless japes.



