• Frank [he/him, he/him]@hexbear.net
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 months ago

      It’s normal white-hat practice. White hat hacker ethics require you to contact the company and give them lots of chances to fix it.

      But if they refuse to fix it or inform people of the vulnerability you broad-band it to the world because it’s the only way to force the company’s hand.

      It sounds like you basically need to have root access to the computer to take advantage of this. Like if someone can use this your system is already totally pwned. But, like, if a spy or something gets access to a machine they could load this and then it’d be in the system with no way to find it or dig it out.