RSS   Vulnerabilities for 'Tweetbot'   RSS

2013-11-12
 
CVE-2013-5726

CWE-352
 

 
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.

 


Copyright 2024, cxsecurity.com

 

Back to Top