X, the social media platform formerly known as Twitter, recently grappled with a significant security flaw within its iOS app. The issue involved an automatic alteration of Twitter.com links to X.com links within Xeets, causing widespread concern among users. While the intention behind this change was to maintain brand consistency, the execution resulted in potential security vulnerabilities.
The flaw originated from a feature that indiscriminately replaced any instance of “Twitter” in a URL with “X,” regardless of its context. This meant that legitimate URLs containing the word “Twitter” were also affected, leading to situations where users unknowingly promoted malicious websites. For example, a seemingly harmless link like netflitwitter[.]com would be displayed as Netflix.com but actually redirect users to a potentially harmful site.
The implications of this flaw were significant, as it could have facilitated phishing campaigns or distributed malware under the guise of reputable brands such as Netflix or Roblox. Despite the severity of the issue, X chose not to address it publicly, likely in an attempt to mitigate negative attention.
The glitch persisted for at least nine hours, possibly longer, before it was eventually rectified. Subsequent tests confirmed that URLs are now displaying correctly, indicating that the issue has been resolved. However, it’s important to note that the auto-change policy does not apply when the domain is written in all caps.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents