That impact description looks fine to me. Would it help at all (from a risk identification perspective) to point out that this exploit involves identifying objects at random, and so poses additional hurdles for any sort of targeted attack (needle in haystack situation)?
That impact description looks fine to me. Would it help at all (from a risk identification perspective) to point out that this exploit involves identifying objects at random, and so poses additional hurdles for any sort of targeted attack (needle in haystack situation)?