There is a critical security vulnerability that allows an attacker to remotely execute code on your system. Granted, "all" it can do is send out tweets from your account, follow users or do other tasks that your Twitter account can do, i.e. it can't access your local hard drive or system. Still, though, having tweets go out from your account(s) via Tweetdeck could be harmful in any number of ways.
More information is available in these articles:
- The Verge: TweetDeck vulnerability lets attackers execute code remotely
- The Guardian: Tweetdeck vulnerability found by teen trying to code emoji heart
- Vox: Here's how that major Tweetdeck vulnerability works
It seems to be the stereotypical case where a programmer didn't check to see if the text that is about to be displayed contains only allowed HTML code. This is the kind of error that has been found in any number of web applications over the years.
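The kind of mistake described above, next to a hardened version, as an added example (not Tweetdeck's code and not code from the articles linked above). The function names and the sample tweet are constructed for illustration.

```javascript
// Added example: all names and the sample tweet below are hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that has meaning in HTML so the text renders as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: untrusted tweet text is concatenated straight into markup,
// so any tags it contains become part of the page.
function renderTweetUnsafe(text) {
  return '<p class="tweet">' + text + "</p>";
}

// Hardened pattern: escape first, then add only markup the application itself
// generates (here, a span wrapped around the heart character).
function renderTweetSafe(text) {
  const escaped = escapeHtml(text);
  const decorated = escaped.replace(
    /\u2665/g,
    '<span class="emoji">\u2665</span>'
  );
  return '<p class="tweet">' + decorated + "</p>";
}

// List the element names that would actually be created from an HTML string.
function tagNames(html) {
  return [...html.matchAll(/<([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
}

// Constructed sample input: harmless markup standing in for untrusted HTML.
const sampleTweet = 'I \u2665 <b class="x">markup</b> & more';

console.log("unsafe:", tagNames(renderTweetUnsafe(sampleTweet)));
console.log("safe:  ", tagNames(renderTweetSafe(sampleTweet)));
```

In the unsafe output the tweet's own `<b>` element reaches the page; in the safe output the only elements are the ones the renderer created.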
The net is that you need to update Tweetdeck to the latest version through whatever means you use to update your computer.
If you are a regular user of Tweetdeck you should have seen an update notice come up last week - and hopefully you installed it! If you only occasionally use Tweetdeck, you may want to go in now and make sure you update to the latest version.