A PayPal vulnerability can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim s account to any recipient he chooses. The flaw lies in the way that the PayPal authentication flow works with the service’s mobile apps for iOS and Android. PayPal has been aware of the issue since March and has implemented a workaround, but isn t planning a full patch until the end of July. The system can be used on the PayPal web site, but it’s not supported by the PayPal mobile apps right now.
Source: https://threatpost.com/flaw-lets-attackers-bypass-paypal-two-factor-authentication/106852/