Skip to main content

PSA: Android users should update Twitter immediately to avoid this exploit

Twitter Logo OnePlus 6
Twitter Logo OnePlus 6 (Image credit: Android Central)

What you need to know

  • Twitter this week revealed a major vulnerability in its Android app.
  • The exploit could allow an attacker to get access to sensitive information or even take control of a Twitter account.
  • The company is communicating mitigation strategies to users it believes are at risk and is advising everyone to update the app.

Twitter's Android app was exposed to a nasty vulnerability for a bit, the company informed users in a new post on its privacy blog. The exploit could allow an attacker to "see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages)."

The exploit, which involved uploading malicious code to restricted storage areas of the app, has not yet been used to the company's knowledge, but the Twitter is cautioning users that it can't be sure. It's already fixed the issue in the latest version of the app and is asking all users to upgrade as soon as possible. It's also reaching out to users it believes may be at risk directly via email or Twitter with mitigation instructions.

The exploit could allow someone with malicious intent to access your Direct Messages, protected Tweets, and location information. Thankfully, the iOS app was spared from the mishap.

While you're at it, you may also want to update WhatsApp, as the messaging app, too, has fixed a bug in its app that could have allowed a nefarious actor to crash the app entirely without any recourse but to re-install it from scratch.

Twitter now supports 2-factor authentication without a phone number

4 Comments
  • All well and good, but there's no option to do so in the app or in the Google Play Store. The most recent update is 12/17
  • Update is there it just takes awhile for people to get them.
  • I looked yesterday No update, I looked just a few minutes ago and now there's an update.
  • The update does not change the version number at all. Not even a .0X; which would be nice to tell them apart. That makes me nervous. So I uninstalled Twitter for a bit until the all clear has been sounded. They may say that it only affects the app, but my business is run on my phone and begs to differ.