Home Security Flaw found in Twitter’s Flash Widget

Security Flaw found in Twitter’s Flash Widget

A recently discovered security flaw in Twitter’s Flash-based website widget may have allowed attackers access to the login credentials of any Twitter user. According to Mike Bailey, an analyst at Foreground Security, the problem involves a known vulnerability in Adobe’s Flash programming language, the language used to code the Twitter widget. In response, Twitter has disabled the widget in question while they research the issue further.

Oddly enough, the vulnerability in question was initially discovered back in 2006, but many website operators have yet to address it says Bailey, according to a Reuters UK news story about the potential Twitter security hole. After analyzing Twitter’s website, Bailey says the site may have been open to attack from hackers attempting to exploit this particular security hole for over a year.

But the researcher doesn’t blame Adobe for the issue – the company informed programmers how to address the vulnerability years ago. Instead, this problem has to do with the “how the developers at Twitter, or whoever did this, built the Flash applications,” Bailey told a reporter at InternetNews.com.

According to a post on the Twitter Status blog, the company has exercised “an abundance of caution” in disabling access to the widget as they have not yet heard about any accounts being affected by the reported vulnerability. However, says Bailey, there’s no way of know if any users were ever impacted by the issue and, if so, how many. “That is one of the big scary things; if they are being attacked, there is almost no way to find out short of a very close examination of the server logs or client logs, which generally aren’t stored,” he said.

This is by no means the first security issue for the microblogging startup. The company has seen everything from DNS hijacking to the theft of corporate documents and even fell victim to a distributed denial-of-service attack which affected other social media properties on the web including LiveJournal and Facebook. Twitter users have also had their accounts hacked and have had to deal with the constant threat of internet malware posted to the site via shortened links. If anything, a news story about yet another Twitter security threat almost seems like a non-event these days, given how many issues the company has faced over the few short years they’ve been in operation. But considering current Twitter’s status as a piece of our modern-day’s communication infrastructure, it’s unnerving to hear about issues such as these…especially considering how this one in particular should have been addressed from the get-go.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.