Thanks, this was the missing piece in my understanding. I was wondering how knowing only 1 bit would be useful. Suppose the attacker wants to read this entire address (0xabde3167) using this method. Is it guaranteed that over multiple runs, this address would be the same each time at that point in execution?
It is certainly possible that the memory the exploit is trying to read might be changing under its nose. An actual implementation of the exploit would need to account for that.
Some researchers had independently created and demonstrated working PoCs based on the Linux patches they saw, which read kernel memory from user space. At that point it was already public.
After that it's all about PR and getting people prepared for the magnitude and impact early.
Also to let people know that patches that were already available can be used (restarting GCP/AWS instances, SPI on Chrome).
Would participation in company-internal conferences/technical summits also count, other than the usual internationally reputed journals/conferences? Could you please elaborate on "this is more available than many people realize"? Thank you for doing this AMA.
Internal company stuff doesn't really help other than possibly to bolster that you're playing an "essential role" for your company. If you want me to drill down deeper and get into the specifics, send me your CV.
I noticed that immediately, too; I just assumed the author changed the source before taking screenshots and forgot to update it on site code. If a font was doing that, it would be criminal.