Exploiting CSP in WebKit to Break Authentication and Authorization

Explore a critical vulnerability in WebKit that affects Safari and all iOS browsers, including Firefox and Chrome. Delve into how this flaw, combined with a browser security feature, can be exploited to leak cross-site information, compromising authentication and authorization technologies like Single Sign-On and OAuth. Learn how this vulnerability potentially grants unauthorized access to user accounts across various web applications. Gain insights from security researchers Prakash Sharma and Sachin Thakuri as they present their findings in this 28-minute Black Hat conference talk, highlighting the importance of robust browser security implementations and the far-reaching consequences of seemingly minor flaws.

Exploiting CSP in WebKit to Break Authentication and Authorization