An XSS vulnerability in TweetDeck, one of the most widely used clients for Twitter, forced the microblogging platform to shut it down to protect its users. About an hour ago, Twitter restored TweetDeck services, claiming that it has fixed the vulnerability.
The vulnerability affects certain versions of TweetDeck (3.7.1-19002e5), which execute JavaScript code embedded in tweets originating from other sites instead of treating it as plain text.
In the most harmless forms of attack, the XSS can be used to follow / unfollow other Twitter users, but the vulnerability can also be used to hijack users’ accounts.
Earlier, TweetDeck announced through a tweet that the vulnerability had been fixed and that users were required to log out of their TweetDeck account and log back in to fully apply the fix.
However, users reported that this method wasn’t working and that the app was still executing JavaScript. Twitter was flooded with messages that TweetDeck’s solution wasn’t working.
This forced Twitter to take note and take TweetDeck offline. “We’ve temporarily taken TweetDeck services down to assess today’s earlier security issue. We’ll update when services are back up”, read a tweet from TweetDeck.
An hour after this tweet, Twitter announced that the service was back online after it had verified that its fix was working and had successfully patched the vulnerability.
“We’ve verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience”, read the tweet.