CVE-2013-5726

Published: 12/11/2013 Updated: 13/11/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote malicious users to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.

Vulnerable Product

tapbots tweetbot 2.8.5

tapbots tweetbot 1.3.3

Exploits

Tweetbot fails to prompt for user confirmation prior to taking an action allowing for malicious iframes to trigger actions on Twitter unknowingly ...