OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking | Threat Post

“The attack requires no interaction with a victim or their device. As described in the paper, it requires an attacker-owned SSL man-in-the-middle proxy to be set up for the attacker’s device.”