Not sure if you've ever actually been in academia, but on any type of publication (paper, thesis, etc.) it is very well understood that title, abstract, introduction and conclusion are "for the masses" while the rest is for the interested (and assumed-to-be-"qualified") reader.
However, I agree that we should expect science journalists to be in the latter group.
So I see failures in both sides of the communication.
So how would you have written the quoted bit? It seems pretty masses-friendly to me, any addition of disclaimers or weasel words would just detract from it.
To raise an earlier quote, a central sentence from the abstract: "In this paper, we discuss the requirements for a successful, full-system, lo-
cal privilege escalation attack on such media, and show
a filesystem based attack vector. " This is also a good description for the masses, and only a very sloppy journalist would read past that and jump to premature conclusions.
(side note: I don't think there's any need to get into credentials about who's been in academia. There are lots of terrible writers, and minority opinions about writing, in academia.)
The quote conveys what the author does. That the average journalist assume that it means they have carried out an attack is on their shoulders, because it clearly states they are only looking at it from the filesystem.
However, I agree that we should expect science journalists to be in the latter group.
So I see failures in both sides of the communication.