Twitter’s new look has been a massive hit with users, until this morning when an exploit was discovered that allows javascript to be executed when the user simply hovers over a link.
Some are taking advantage of the loophole to Rick Roll friends, but there are some who have been hit with malware.
Former UK Prime Minister Gordon Brown’s wife Sarah Brown unknowingly sent a link to more than a million followers, many of whom became victims even without clicking any links.
The exploit is limited to those using the new Twitter web interface – users not yet seeing the update or those on third party clients are unaffected.
Twitter are no doubt hard at work to remove the threat, but the embarrassing flaw has spread quickly.
Update: Twitter reports that the exploit has been patched, back about your business, everyone!
> The exploit is limited to those using the new Twitter web interface
untrue, it appeard also on the old version