Paradigm researcher: Twitter security vulnerability has been fixed
ChainCatcher news: Paradigm researcher samczsun posted on social media that the security vulnerability reported by Twitter this morning has now been fixed. The technical summary is as follows: A reflected XSS and CORS/CSP bypass in Twitter subdomains allowed arbitrary requests to the Twitter API as a locally authenticated user.
ChainCatcher previously reported that Paradigm researcher @samczsun pointed out a serious flaw in Twitter, where hackers could gain full access to an account simply by getting its user to click a link. This means that hackers could tweet, retweet, like, block, and more, but could not change the user's password. Before the issue was resolved, users were advised to install the ad blocker uBlock Origin to protect their accounts and reduce the risk of such attacks.








