GPT-4: A critical security vulnerability (CVE-2023-28131) has been discovered in the OAuth implementation of the Expo.io app development framework, potentially exposing services to credential leakage and account hijacking. The flaw could allow threat actors to perform arbitrary actions on behalf of compromised users on platforms like Facebook, Google, and Twitter. Expo has deployed a hotfix and recommends users migrate from using AuthSession API proxies to directly registering deep link URL schemes with third-party authentication providers for single sign-on features.
Read more at The Hacker News…