CVE-2013-2318 Information

Description

The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information which allows attackers to hijack Twitter accounts via a crafted application.

Reference

http://jvn.jp/en/jp/JVN90289505/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000047 http://movatwitter.jugem.jp/?eid=442