So basically they don't do input validation. Any file signed (maybe) by CS is treated as valid and the kernel driver loads it. Wow.
I'm curious how this scenario, malformed definitions file signed by CS itself is not verified in any way on the endpoint. Like a try {} catch something...
I mean, the failure is spectacular in its simplicity.
I'm curious how this scenario, malformed definitions file signed by CS itself is not verified in any way on the endpoint. Like a try {} catch something...
I mean, the failure is spectacular in its simplicity.