2 matches found
Vulnerable Twitter API Leaves Tens of Thousands of iOS Apps Open to Attacks
Researchers are warning that an old Twitter API still used by popular iOS mobile apps that could be abused as part of a man-in-the-middle attack. It could be used to hijack Twitter accounts and compromise other third-party apps that are linked to the same “login with Twitter” feature. According t...
CVE-2019-16263
The CVE-2019-16263 issue affects the Twitter Kit framework for iOS up to version 3.4.2. The root cause is improper validation of the api.twitter.com SSL certificate, including a lack of hostname verification despite a pinned-certificate approach. This can enable man-in-the-middle attacks on apps ...