Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote malicious users to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
Vulnerable Product |
---|
tapbots tweetbot 2.8.5 |
tapbots tweetbot 1.3.3 |