Please note this exploit was found by a security researcher who was reviewing code with our support and blessing. When calling your stuff secure it is important to "put up or shut up". When approached by a security researcher who wants to evaluate what you publicly proclaim as secure, you can A: let them and work with them, or B: well there are other ways to deal with them. So yes the exploit was found with our blessing, fixed, announced without any reports of actual compromised systems.
↧