CVE-2024-9956 – PassKey Account Takeover in All Mobile Browsers
(mastersplinter.work)
In this blogpost I will go over a vulnerability I found in all major mobile browsers that allowed an attacker within Bluetooth range to take over PassKeys accounts by triggering FIDO:/ intents.
In this blogpost I will go over a vulnerability I found in all major mobile browsers that allowed an attacker within Bluetooth range to take over PassKeys accounts by triggering FIDO:/ intents.