Twitter today revealed a vulnerability that might have dealt yet another major blow to its security posture. The micro-blogging site has announced that it recently fixed a security issue in its Android app that could have allowed attackers to access your Direct Messages and other private data through a malicious app.
The vulnerability is related to a security issue with Android that affected only versions 8 and 9. Twitter noted that the security flaw could circumvent Android's system permissions that safeguard against unauthorized access to private data. It turns out that Google fixed the issue in October 2018 through a security patch, which has already been made available to 96% of Twitter users on Android.
So far, Twitter has found no evidence that this vulnerability was exploited. However, the company is not completely certain that this will always be the case, so it has updated its Android app to prevent external apps from gaining access to Twitter's in-app data.
In addition, it is sending out in-app notifications to those who might have been affected, requiring them to update their app to its latest version. Finally, Twitter vowed to identify changes to its processes to avoid issues like this in the future. Though the vulnerability did not affect the service's web and iOS apps, the alert has also been sent out via Twitter's web version.