There is a utility called UDID Changer. It is useless for most purposes, but it can be used to make a device report a different UDID, for example someone else's.
Tapulous' complete authorization system is based on the UDID. This means that if someone has your UDID and UDID Changer, then they have access to your Tapulous account. Tapulous stores your passwords on their server, and the only way to get to them is with the correct UDID: your UDID.
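To make the design flaw concrete, here is an added, constructed example (not Tapulous' code; the account data, UDID and password are made up) contrasting a login that treats the UDID as the only credential with one that requires a password and issues a revocable session token:

```python
import hashlib
import hmac
import secrets

# Constructed sample account store; every value here is illustrative.
SALT = b"constructed-per-user-salt"
ACCOUNTS = {
    "alice": {
        "udid": "0123456789abcdef0123456789abcdef01234567",
        # Slow KDF for the password; a production system would store a per-user salt.
        "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "session_hash": None,  # SHA-256 of the current session token, if any
    }
}


def login_by_udid(udid):
    """The flawed scheme described in the post: the UDID is the only credential.
    Anyone who learns or spoofs the UDID is treated as the account owner."""
    for user, acct in ACCOUNTS.items():
        if hmac.compare_digest(acct["udid"], udid):
            return user
    return None


def login_with_password(user, password):
    """Hardened scheme: prove knowledge of a secret, then receive a random,
    revocable session token. The UDID plays no role in authentication."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if not hmac.compare_digest(candidate, acct["password_hash"]):
        return None
    token = secrets.token_hex(32)
    # Store only a hash of the token, so a leaked database does not leak sessions.
    acct["session_hash"] = hashlib.sha256(token.encode()).hexdigest()
    return token


def user_for_token(token):
    """Resolve a presented session token to a user; unknown or revoked tokens fail."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for user, acct in ACCOUNTS.items():
        if acct["session_hash"] and hmac.compare_digest(digest, acct["session_hash"]):
            return user
    return None


def revoke(user):
    """Invalidate the user's session; there is nothing comparable for a UDID."""
    ACCOUNTS[user]["session_hash"] = None
```

In the hardened version, knowing Alice's UDID yields nothing, and a compromised session can be revoked, whereas a UDID cannot be changed or rotated by its owner.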
A malicious user changes their UDID to your UDID, accesses your Twinkle account, and now has access to your Twitter and Facebook accounts and whatever else is stored there.
For the sake of safety, cancel your Tapulous accounts as soon as possible, or change your Twitter and Facebook passwords, until this vulnerability is fixed.
All it takes for someone to get your UDID is for you to give it to them, whether or not you know you are doing so. Well, how is this possible?
- The malicious user may just ask you, and you may give it to them.
- The malicious user may give you screenshots for a fantastic application they are making and offer you a beta. Of course, they need your UDID for you to beta test.
- The malicious user may be someone you know that actually has access to your device.
- Installer applications, such as Installer and Cydia, send requests to the server with the UDID in the request. The malicious user may set up a repo to collect UDIDs.
- Etc. There are so many ways, it's ridiculous.
Basically, if you have an iPhone or iPod touch and a Tapulous account, you are at risk.
UPDATE: Tapulous are aware of the exploit and are now working on a fix.