by mda 1484 days ago
"How insecure": a surprising conclusion based on a single exploit.
1 comment

If you read the article, it mentions that ASLR doesn't work, and it's treated as a "known bug".
Kernel ASLR. User-space has ASLR enabled and working, in addition to shadow stacks and a number of other hardening techniques.
The article also references syscalls that are marked with TODOs for validation of those calls.
Do you assume I didn't read the article? Calling it insecure based on this is absurd.
Exactly, I also find it slightly silly to immediately declare this 'insecure' in this case.

If it was directly end-to-end on, say, a Nest Hub running a release version of Fuchsia, then that would be more convincing here, as that would confirm that it can be deployed and the bug can be exploited in the wild and in production, and not on a newly built developer version running in an emulator.

The writeup of finding and exploiting this bug is impressive, but whether you can use that exploit to directly attack a production version of Fuchsia on a device like the Nest Hub is another thing, which is the same way security researchers break live versions of other OSes like macOS, Windows, Android and Linux.