Hey. Seems some of the reverse engineers may have found some more interesting stuff[0].
As far as I understand it, that would still require a running an reachable sshd (so we'd still be mostly safe). But he also thinks[1] that it may allow an interactive session. (Not that this would change a lot, if the adversary can use system().) Still, shows that there may be more hidden stuff, and we may not be out of the woods yet. Cheers, Chris. [0] https://twitter.com/bl4sty/status/1776691497506623562 [1] https://twitter.com/bl4sty/status/1776692874232434932
