Facebook, Twitter, Google, Microsoft, and other major online services all have vulnerabilities in their social media apps, a security researcher said.
BlueKeep, the default Twitter app for Windows 10, is vulnerable to the “SocialX” flaw, which could allow a hacker to impersonate a user and perform various attacks on the user’s account.
BlueBear, the same Twitter app, is also vulnerable to this flaw, but only for Facebook, Google and Microsoft accounts.
The vulnerability was discovered in the BlueProtect app, which allows users to share images and video.
The security researcher, who goes by the name ‘josh’, said the exploit is present in BlueProtect for Windows Phone, but not for Android, Mac OS X or Linux.
“BlueProtect is the most common social media app in the Windows 10 world, but it doesn’t seem to be secure,” he wrote in a blog post.
“A simple attack could compromise a user’s BlueProtect account.”
The vulnerability allows an attacker to bypass the security restrictions of the BlueProtect app and create a malicious web page.
The attacker can also exploit this vulnerability to install malicious software on the device.
“In order to perform this attack, the attacker needs to compromise BlueProtect’s app,” said Josh.
“Once they have compromised BlueProtect, they can exploit the vulnerability to perform a number of malicious activities, including a web injection, a SQL injection attack, and even a remote memory overwrite.”
The vulnerabilities are not unique to BlueProtect.
Twitter also has a bug in its app.
The BlueProtect flaw was first discovered by security researcher Dan Bernstein, who posted a blog detailing the vulnerability last month.
Bernstein said Twitter’s app has “only” one flaw.
“This is the only flaw that has been identified, and that is the one that allows arbitrary code execution in the app,” he said.
“If the attacker is able to gain root privileges on the system, then they can use it to install arbitrary code.”
The researchers said the issue was discovered when BlueProtect was updated to version 4.1.3 on October 28.