Oddbean new post about login | logout Did they ever outline what the actual RCE exploit was? Or are they waiting for enough updates to paper it over?
TLDR, CUPS + bonjour was auto adding any printer advertised to it over mdns and not validating data coming from the printer. Spoof a printer advertisement and send malicious code. Tada, remote code execution as root.
Linux was adding something automactically without User input? I understand discovery, but non-validated or approved data? Sheeeeesh.