Twitter security blog, said the use of loopholes in the process is relatively complex, at least at this stage, there is no evidence that the vulnerability was being exploited in the wild. To exploit this vulnerability, you need to insert malicious code into the restricted storage area Twitter Android, and then use some protective measures to enforce this code. The attacker after the successful implementation of the code, they have an account with administrative privileges, and can directly access the user's account and view protected tweets and other private information. Although there is no evidence that hackers have taken advantage of this vulnerability, but Twitter or send an e-mail to all Android users to alert the user for security reasons to upgrade to the latest version.
It should also be recalled that this vulnerability can operate the user account on the Android version of Twitter, but essentially, the attacker will not steal the user's account password directly. Therefore, even if the user uses Android version of Twitter, there is no need to change the password. Twitter official did not mention the need to change the password security blog and email. Of course, Twitter is still conduct a thorough investigation of the security breach.