Unauthenticated Follow and Favorite Vulnerability in Tweetbot

Unauthenticated Follow and Favorite Vulnerability in Tweetbot

CVE-2013-5726 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.

Learn more about our User Device Pen Test.