TweetDeck patches XSS vulnerability after rampant pop-up spam

Sign out of TweetDeck and clear your cache to apply the fix.

If you saw strange pop-up messages in TweetDeck this morning, you weren’t alone. It wasn’t the work of the Syrian Electronic Army, just some relatively harmless XSS exploitation.


The vulnerability allowed hackers to remotely execute code, specifically in TweetDeck's Chrome app, though the exploit was spotted in other TweetDeck versions. (The Mac app was reportedly not affected.)

Some 40,000 Twitter accounts also unwittingly retweeted a string of code from a My Little Pony account, thought to be the result of the same vulnerability.

TweetDeck parent Twitter hasn't said what the issue was, but shortly after the pop-ups started spreading like wildfire, TweetDeck announced the vulnerability had been patched. Many Twitter users also use TweetDeck to schedule and manage posts for multiple accounts.

After you log out of TweetDeck, make sure to clear your cache and delete any accidental retweets that may have hit your account.


Stories by Caitlin McGarry
