← voltar
CVE-2013-5726

CVE-2013-5726

EPSS 1.1%
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/http://osvdb.org/99256http://seclists.org/fulldisclosure/2013/Nov/9