Daring Fireball Loads JavaScript from a random person’s GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app’s WebView. […] As quoted by John from the original work by someone called Thereallo. Sorry, the poor site has been Fireball’d. This isn’t poking at John or the person who did the digging around, but I do have one thing to point out. I noticed it’s an NPM package targeting React Native applications, so we know it’s ...
No comments yet. Log in to reply on the Fediverse. Comments will appear here.