• EmoThugInMyPhase [he/him]@hexbear.net
    3 months ago

    I feel like 99% of these existential vulnerabilities can only be utilized by state actors until some NSA bozo leaks it because he got demoted for stalking his ex-girlfriend.

    • Frank [he/him, he/him]@hexbear.net
      3 months ago

      It’s normal white-hat practice. White hat hacker ethics require you to contact the company and give them lots of chances to fix it.

      But if they refuse to fix it or inform people of the vulnerability, you broad-band it to the world because it’s the only way to force the company’s hand.

      It sounds like you basically need to have root access to the computer to take advantage of this. Like if someone can use this your system is already totally pwned. But, like, if a spy or something gets access to a machine they could load this and then it’d be in the system with no way to find it or dig it out.