Twitter for Android users are being urged to update their app to avoid a security bug that allows a malicious user to access private account data and could also allow an attacker to take control of accounts to send tweets and direct messages. The warning comes from Twitter, which said there are no indications the flaw was exploited and that the fix requires a simple app update.
The company said impacted Twitter users will be contacted via email or via Twitter itself if they are vulnerable to attack. Some users impacted by the bug were sent a message that read: “Please update to the latest version of Twitter for Android as soon as possible to make sure your account is secure.”
Twitter said that to exploit the flaw, a hacker must first insert malicious code into restricted storage areas of the Twitter app. The company did not disclose any further technical details of the hack.
According to Twitter Support, the bug impacts older versions of Android, and versions 7.93.4 (KitKat – released Nov. 4, 2019) and 8.18 (Lollipop – released Oct. 21, 2019) and later have already been updated with the fix. According to the Google Play download page for Twitter for Android, the app was last updated Dec. 17, 201