LINKEDINCOMMENTMORE

Twitter shut down its popular TweetDeck application Wednesday after a code fix that was supposed to plug a security vulnerability failed.

TweetDeck's Twitter account is currently the only update on the situation. It readers, 'We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up.'

A Twitter spokesman declined to comment.

Earlier in the day Twitter pushed out a code fix that was supposed to close the security hole but did not.

At that point the company tweeted out 'A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix.'

Less than an hour later, the site was taken down.

TweetDeck is a free download for desktop computers, iPhones, Google's Android devices and the Google Chrome browser. The software allows users to organize their Twitter streams and offers a more user friendly view of Twitter feeds.

The vulnerability allows attackers to place computer code in a tweet. Once the tweet appears inside Tweetdeck, allows it to run actions and be re-tweeted to other accounts.

'Tweetdeck appears to have jumped on this issue and patched it, but we're still seeing it spread like wildfire through Twitter,' said Trey Ford, a security expert at Rapid7, a security firm based in Boston.

'This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a 'worm' that self-replicates by creating malicious tweets,' he said.



It was originally reported that the vulnerability only affected the app's desktop program and only when it was run on Google's Chrome browser. However users on other platforms, including Internet Explorer 9, are also reporting getting hacked.

According to the website Verge, users reported getting random pop-up windows containing messages such as 'Yo!' or 'Please close now TweetDeck [sic], it is not safe.'

Twitter bought TweetDeck in 2011 for about $40 million.

Released in 2008, it was the first third-party Twitter application to catch on with Twitter users.

Read or Share this story: http://www.wvec.com/story/news/2014/09/10/14870386/