Tweetdeck has an XSS flaw. Here’s what you should do right now


TweetdeckA potentially serious security flaw has been found in Tweetdeck, a popular Twitter client.

At the time of writing the cross-site scripting (XSS) flaw doesn’t appear to have been exploited maliciously.

But that doesn’t mean you should rest on your laurels - after all, information about how to exploit the flaw is out there, and it is easy to imagine how someone could take advantage of it with malicious purposes.

XSS in Tweetdeck

XSS in Tweetdeck

In my opinion, Tweetdeck isn’t safe to use until the flaw has been fixed.

So you need to quit Tweetdeck right now, and revoke its access to your Twitter account.

Here’s how you do it:

1. Go to the Apps section of your Accounts settings on the Twitter website: (If you are not already logged into Twitter, it will ask you to enter your password and two-factor authentication, if enabled).

You should see a screen like this, with your account and the various apps that you have granted access to your Twitter account.

Twitter apps

2. Find Tweetdeck in the list and revoke its access by pressing the button entitled (imaginatively) “Revoke access”:

Revoke Tweetdeck's access to your account

You’re all done.

By the way, there’s no harm in seeing what other applications you have granted access to your Twitter account - and remove any which you don’t recognise or don’t use any more.

Of course, now you don’t have a Twitter client. For the time being you might want to try using the Twitter website itself. Hopefully a fix will be announced for Tweetdeck shortly.

Oh, and feel free to follow me for the latest security news and updates. I’m @gcluley on Twitter.

Update: Tweetdeck says it has fixed the issue.

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.