> And in terms of feasibility, this bug is less exploitable than the kinds of bugs that are disclosed in every platform every month; it requires a specific (common, but not universal) set of circumstances to escalate it to code execution.
What I'm afraid of is an attacker stealing my credentials. Code execution bugs obviously is game over for me. But now with everything in the cloud, an attacker could get all I'm afraid of losing by fucking with my SSL connections. If they get access to everything I have on the web the fact that my machine executed no malicious code locally is no consolation.
What I'm afraid of is an attacker stealing my credentials. Code execution bugs obviously is game over for me. But now with everything in the cloud, an attacker could get all I'm afraid of losing by fucking with my SSL connections. If they get access to everything I have on the web the fact that my machine executed no malicious code locally is no consolation.