CVE-2013-5726 Information

Description

Tweetbot 1.3.3 for Mac and 2.8.5 for iPad and iPhone does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.

Reference

http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/
http://osvdb.org/99256
http://seclists.org/fulldisclosure/2013/Nov/9
