Doesn't surprise me. There's been few breaks in prior SFI/CFI's. That's why I'm not relying on CPI until strong peer review happens. There's added risk since CFI concept is really a cheat to try to avoid full data or memory safety. They think they'll get security and great performance with the cheat. They usually get the performance. ;)