Twitter released a security update for its Android app in which the company suggests that an exploit existed but did not necessarily see any live use. This means that, while this exploit could have been used nefariously, it would SEEM that Twitter patched the problem before anyone got the opportunity to use it out in the wild. This does NOT mean that the exploit couldn’t be used on older versions of the app, of which – as is common with almost any app – there are live examples right now.
There’s a quick fix for you and yours that you’ll want to initiate presently. Update your Twitter app, if you use a Twitter app on your Android device. If you have an Android device that you don’t use often, just update the Twitter app before you use said app again in the future. That should be sufficient to avoid this exploit, given the complicated nature of said exploit.
Twitter security’s description of said exploit read as follows. “Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.”
The system with which this exploit worked might also have allowed a bad actor to “see nonpublic account information or to control your account” – but again, it does not appear that this happened in the wild.
To update to the newest version of Twitter, head over to the Twitter app on Google Play and tap the update button. If you already have the latest version according to Google Play, you’re already in the clear. This exploit affected the official Twitter-made Twitter app for Android only.
You could also consider changing your password at this time, but this exploit seems to have required only an older version of the app. Changing your password from time to time is generally a good idea anyway, even if this instance didn’t have to do with passwords directly.