Security researchers say the bug undermines SMS-based two-factor codes, advising a switch to authenticator apps until patches arrive.
