TweetDeck patches XSS vulnerability after rampant pop-up spam
If you saw strange pop-up messages in TweetDeck this morning, you weren’t alone. It wasn’t the work of the Syrian Electronic Army, just some relatively harmless XSS exploitation.
The vulnerability allowed hackers to remotely execute code, specifically in TweetDeck’s Chrome app, though the exploit was spotted in other TweetDeck versions. (The Mac app was reportedly not affected.)
The Mac application for Tweetdeck does not appear to be vulnerable to the XSS. Confirmed in Chrome though. <script>alert("Yo!");</script>♥ — Frederic Jacobs (@FredericJacobs) June 11, 2014
Some 40,000 Twitter accounts also unwittingly retweeted a string of code from a My Little Pony account, thought to be the result of the same vulnerability.
TweetDeck parent Twitter hasn’t said what the issue was, but shortly after the pop-ups started spreading like wildfire, TweetDeck announced the vulnerability had been patched. Many Twitter users also use TweetDeck to schedule and manage posts for multiple accounts.
A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix. — TweetDeck (@TweetDeck) June 11, 2014
After you log out of TweetDeck, make sure to clear your cache and delete any accidental retweets that may have hit your account.