A critical API flaw in the Expo open-source framework allowed attackers to harvest auth credentials via the Open Authorization (OAuth) protocol. The vulnerability, while impacting a relatively small number of developers, had the potential to affect a wide range of users logging in to online services such as Facebook, Twitter or Spotify via the open-source framework, according to the researchers at Salt Labs who found the bugs.
Read full article on SC Magazine