Mouse-Over Exploit Hits

A JavaScript exploit has allowed all kinds of sites you wouldn’t want your boss to catch you looking at to pop up sites and text through Twitter’s web client and force a re-tweet, even if all a user does is move their mouse over a particular link. Update: It’s been fixed.

The exploit has spread to thousands of accounts now – some with hardcore porn pop-ups, others with jokey references to the exploit – so stick with a third-party Twitter client for the time being to read and send your short updates. [Link and image via Sophos]

Update: Some have reported that simply visiting Twitter’s web client, with certain tweets from your followers loaded, could be enough to trigger an incident (that link is too, but only to a specific no-link tweet). Avoid it entirely until the exploit is repaired.

Update 2: Twitter posts that the exploit has been patched, but it’s likely still a good idea to let the fix propagate through DNS servers before heading back to Twitter’s web client.
