Tumblr posts ‘very important’ app update to patch security flaw


Yahoo-owned Tumblr issued an update for its native iOS app last night, bringing the client to version 3.4.1. But you won’t find any new features or UI enhancements in this release—this particular update is all about security.

Apparently the popular micro-blogging service was recently made aware of a major security issue, which in some cases allowed user passwords to be compromised. So it’s urging users to download this ‘very important’ update…

From Tumblr’s blog:

“We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now.

If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass.

Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.”

Speaking with The Verge, a representative of the company said that Tumblr was notified of a security vulnerability introduced into its iOS app yesterday morning. It then took immediate action to fix the issue and notify users.

Tumblr plays host to some 120 million blogs, with over 55 billion blog posts. The blogging platform, which was founded by David Karp in 2007, announced in May that it had been acquired by Yahoo for a staggering $1.1 billion.

At any rate, for those of you who use the service—and especially the mobile app—it’s highly recommended that you change your password, and download the latest version of Tumblr. As usual, you can find it in the App Store for free.