From Black Hat EU: Exploiting CSP in Webkit to Break Authentication & Authorization
TL;DR: Apple said this “did not pose a threat.” The researchers went on to collect >$100k from bug bounties before Apple silently fixed it. Nice work as usual Apple.
Save my name, email, and website in this browser for the next time I comment.
This site uses Akismet to reduce spam. Learn how your comment data is processed.
To register please enter your E-Mail address then click on the Sign-Up button (Your E-Mail address will be confidential).