updated 03:54 pm EDT, Wed June 11, 2014
XSS attack leaves Tweetdeck's web users vulnerable to scripts in Tweets
Tweetdeck, a Twitter client that Twitter purchased in 2011, allows for the management of multiple accounts, columns of information and scheduled tweets in a single solution. Twitter has had some hiccups since picking up the program, including another XSS vulnerability that was found shortly after the purchase.
Today's scripting attack affected the web client version of Tweetdeck, but Twitter issued a quick fix once the company was alerted to the problem. This first fix, which would apply after a user logged out and back in, didn't appear to completely resolve the problem. Twitter then turned to a complete takedown of all versions.
Within the course of two hours, Twitter had pulled down Tweetdeck and patched the vulnerability. During the downtime, Twitter checked whether the fix put an end to the issue. According to a statement on Twitter, it has been successful.
Before the patch, several sources confirmed the vulnerability as occurring in Chrome on both OS X and Windows machines. Some reports from Twitter say that the Mac standalone client wasn't affected, but the Windows version saw pop-ups.
Twitter now says that the vulnerability has been patched. It is suggested that Tweetdeck users log out and back in to ensure the application updates to the most recent version.
We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience. - TweetDeck (@TweetDeck) June 11, 2014