Twitter patches security issue for Android app, users urged to update

In a security advisory, Twitter stated that it had discovered a security issue in the Android app for their platform. The advisory, which was released via their official blog, states that the exploit has been fixed and encourages users to download the patch immediately. (This is, of course, far from the first time Twitter has had to deal with security issues.) The nature of the new exploit is described by the notice as follows:

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.

Twitter says it doesn’t “have evidence” of the exploit being implemented in the wild. They admit, however, in the blog post that they cannot be fully certain the security issue wasn’t exploited, so they have taken “extra caution.” Part of this “extra caution” is directly notifying users that Twitter believes are most at risk of exploitation via email. The emails are not the same for every user but instead are tailored for the users based on the Android version they use for browsing Twitter.

According to a tweet from the Twitter Support account, there are specific versions more at risk. The tweet is quoted below:

To provide more detail, this issue was fixed in Twitter for Android version 7.93.4 (released Nov. 4, 2019 for KitKat) as well as version 8.18 (released Oct. 21, 2019 for Lollipop and newer). Twitter for Android is no longer supported on Android OS versions older than KitKat.

If a user is, for whatever reason, unable to update their application, Twitter recommends sticking to the main website rather than risking an exploitation.