Quote:
Originally Posted by knc1
The full answer should be obvious in a week's time. 
But consider what has to happen to install our developer's signature certificate; execution of arbitrary code with 'root' privileges. Never a nice thing on any computer system.
For instance, the 2012 vulnerability was not under the user's control, which is why it could represent a threat. (See links above for details of that one).
|
Seeing as it's installed by a user on their device (presumably connected to their computer via a cable), and another user cannot access it remotely, I don't see any practical threat, but obviously you know a lot more about it than me, and I understand your reluctance to discuss the details.
Edit: Okay, I see that if the device is rooted, theoretically connecting to a malicious web page could be a threat.