Vulnerability Details CVE-2013-5726
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/
- http://osvdb.org/99256
- http://seclists.org/fulldisclosure/2013/Nov/9
- http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/
- http://osvdb.org/99256
- http://seclists.org/fulldisclosure/2013/Nov/9