Skip to main content

Update your Twitter app right now if you’re on Android

Twitter says it has patched a vulnerability inside its Android app that could have potentially let malicious actors view information of private accounts and take over profiles through an intricate back-end process. If a hacker managed to exploit the loophole, they could send direct messages and tweets on the target account’s behalf.

The social network claims so far it hasn’t discovered any affected user, nor found evidence of whether a third-party service has taken advantage of the bug. However, Twitter is reaching out to the people whose details may have been exposed. It’s unclear how long the vulnerability was left out in the open. The issue is not present on Twitter’s iOS app.

Twitter is now rolling out an update to its Android app. So if you’re an Android user, you should head over to the Play Store and install it immediately irrespective of whether Twitter contacted you.

“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution. We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe,” the company said in a blog post.

Since the method for abusing the glitch wasn’t all that straightforward, it’s unlikely a lot of users have been impacted due to this. Twitter essentially left a sensitive storage area of its app unprotected. By either through another third-party app or an unverified online download, a hacker could, in theory, exploit that to insert a piece of malicious code into where Twitter stores your private information on your phone and misused that access to fetch your personal data as well as post messages and tweets from your profile.

This latest security flaw is, in a lot of ways, similar to the one that happened about a month ago. On November 25, Facebook and Twitter said private data of “hundreds of their users” was compromised through malicious third-party Android apps. The breach, the two social media companies claimed, was caused because there wasn’t sufficient isolation between various software developer kits within a single app on Android.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Twitter is now giving money to some of its creators
A lot of white Twitter logos against a blue background.

Some Twitter users are now earning money via ads in the replies to their tweets.

New Twitter owner Elon Musk announced the revenue-sharing program in February, and on Thursday some of those involved have been sharing details of their first payments.

Read more
Twitter goes after ‘copycat’ app Threads
A stylized composite of the Twitter logo.

With Meta’s new Threads app having picked up 30 million users on its first day, it’s little wonder Twitter is upset.

In fact, it’s so put out by Meta’s very similar app that it’s now threatening to sue the company, accusing it of violating Twitter’s intellectual property rights.

Read more
Have an iPhone, iPad, or Apple Watch? You need to update it right now
iPhone 14 Pro Max against a red background.

If you own an Apple product — be in the iPhone, iPad, Apple Watch, or a Mac — you should update it immediately. Why? Apple has begun rolling out updates to all of its devices with fixes for a serious security vulnerability.

The security vulnerability is known as CVE-2023-32434, and it has to do with the kernel privileges of Apple devices. Per Apple's website, the vulnerability allows third-party apps to "execute arbitrary code." In other words, if a bad actor knows how to exploit this vulnerability, they could potentially gain access to your Apple device and wreck havoc.

Read more