Despite Google's attempts to reassure and downplay the issue, security researchers continue to warn of an exploit that uses an unauthenticated OAuth endpoint called “MultiLogin” to restore expired cookies and login to user accounts. This vulnerability seems to be particularly popular among malware developers at the moment.
The company says it has “secured the compromised accounts” and that the API is working as intended. Affected Update codes can be permanently disabled by manually logging out of the device. For the experts at Bleeping Computer, this is not a convincing answer, as it is not possible to determine how many people have actually been affected by the vulnerability, and no protection has been created for future victims.
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”
More Stories
Red Dead Redemption: Classic coming soon to gaming subscriptions from Sony and Microsoft?
GraphicArt Profi Day on “Fujifilm GFX System” including new products
Assassin's Creed Shadows: This changes the classic theme of the series