I should probably preface all of this by saying that I’m not really a security professional in the sense that I don’t actually do security stuff for a living; I reported this vulnerability in March and gave a 90 day delay on releasing specific details mostly just because that’s A Thing That Security Researchers Do. Also the vulnerability doesn’t require user interaction from coldboot so it’s a bit nasty in that regard. But also this vulnerability sat around for 7 years so it could b...
