A cross-site scripting flaw that allowed several worms to spread on Twitter has been repaired.
Twitter has addressed the issue on the main company blog:
The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.
The longer version of the story can be read on the blog.
September 21, 2010
NEWS