X fixes URL blunder that could enable convincing social media phishing campaigns

April 10, 2024 at 06:42AM

X’s recent bug caused Twitter.com links to be automatically changed to X.com, creating security risks and potential for abuse. The feature inadvertently masked malicious links as legitimate ones. X has since reversed the change, but the incident highlighted a significant oversight. Notably, X has not publicly addressed the matter, raising concerns.

Here are the key takeaways:

– X has apparently fixed an embarrassing issue related to URL handling on the social media platform formerly known as Twitter.
– An initial bug in X’s iOS app led to auto-changing Twitter.com links in Xeets to X.com links, despite the active use of the Twitter.com domain.
– This buggy implementation resulted in security vulnerabilities, enabling users to potentially publicize malicious web pages disguised as legitimate domains.
– There was a potential for abuse, particularly with well-known brands, and the issue went unchecked for at least nine hours before being addressed.
– Tests on Wednesday indicated that the issue has been reversed, and the Twitter-to-X policy no longer applies for the domain when written in all-caps, suggesting that the problem has been properly fixed.

These takeaways highlight the serious nature of the issue and the importance of thorough testing and oversight in implementing new features.
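
The report does not give the app's rewrite logic. As an added example (not X's code), the following assumes the rewrite was a case-insensitive text substitution on the displayed link, and contrasts it with a hostname-aware rewrite plus a check that flags a displayed host that does not match the real target. All function names and domains are constructed for illustration.

```javascript
// Added example. Function names and every domain below are constructed.
const OLD_DOMAIN = "twitter.com";
const NEW_DOMAIN = "x.com";

// Assumed flawed behaviour: substitute the old domain wherever it appears in
// the displayed text, regardless of case or of where the hostname starts.
function naiveDisplayRewrite(text) {
  return text.replace(/twitter\.com/gi, NEW_DOMAIN);
}

// Hardened: parse first, then rewrite only the old domain or its subdomains.
function hostAwareRewrite(text) {
  let url;
  try {
    url = new URL(text);
  } catch {
    return text; // not a parseable URL: leave the text alone
  }
  const host = url.hostname; // already lowercased by the URL parser
  if (host === OLD_DOMAIN) {
    url.hostname = NEW_DOMAIN;
  } else if (host.endsWith("." + OLD_DOMAIN)) {
    url.hostname = host.slice(0, -OLD_DOMAIN.length) + NEW_DOMAIN;
  }
  return url.toString();
}

// Detection: the hostname shown to the reader must be the one a correct
// rewrite of the real target would produce.
function isMisleading(displayText, targetUrl) {
  try {
    const shown = new URL(displayText).hostname;
    const expected = new URL(hostAwareRewrite(targetUrl)).hostname;
    return shown !== expected;
  } catch {
    return true; // unparseable display text is treated as suspect
  }
}

// Constructed sample: a look-alike host that merely ends in the old domain.
const target = "https://acmetwitter.com/login";
console.log(naiveDisplayRewrite(target));
console.log(hostAwareRewrite(target));
console.log(isMisleading(naiveDisplayRewrite(target), target));
```

The same mismatch check can run in tests for any feature that changes link text, so a display rewrite that alters the registered domain fails before release.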
