The developer built an open-source OAuth library for Mac OS X that can be used to interact with the Twitter API and generate authorization links with rogue callback URLs. However, the library, which is called STTwitter, was built for legitimate purposes and is intended to add Twitter support to Adium, a popular multi-protocol chat client for Mac OS X.
According to Seriot, Twitter could prevent such attacks by disabling the callback functionality from its OAuth implementation. However, he doesn't believe that the company will do this, because it's technically a legitimate feature that's used by some clients.
Twitter did not immediately respond to a request for comment sent Thursday.
Sign up for CIO Asia eNewsletters.