CVE-2016-10511

Name of the Vulnerable Software and Affected Versions Twitter iOS client versions 6.62 through 6.62.1

Description The issue allows man-in-the-middle attackers to view an application-only OAuth client token by exploiting the failure to validate Twitter's server certificates for the "/1.1/help/settings.json" configuration endpoint. This could potentially enable unreleased Twitter iOS app features.

Recommendations For Twitter iOS client versions 6.62 through 6.62.1, consider restricting access to the "/1.1/help/settings.json" endpoint until a patch is available. As a temporary workaround, avoid using the Twitter iOS client for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.