A recently-patched set of flaws in Samsung’s mobile site was leaving users open to account theft. Bug-hunter Artem Moskowsky said the flaws he discovered, a since-patched trio of cross-site request forgery (CSFR) bugs, would have potentially allowed attackers to reset user passwords and take over accounts.
Read full news article on The Register