The company has no evidence that the vulnerability has been exploited.
Twitter reported a vulnerability in the Android version of its application that could be used to compromise a user's account.
The problem affects only the Android client. Exploiting it allows an attacker to “view confidential information or take control of an account” by injecting malicious code into the application’s restricted storage areas. The attacker could then send tweets or direct messages, and access the user’s personal messages, protected tweets and geodata.
“We have no evidence that the malicious code was embedded in the application or that this vulnerability was exploited, but we cannot be completely sure, therefore, we are especially careful,” the company said in a blog post.