That is great, however, it is still worrying since we have no chance to know if bad actors had already exploited the vulnerabilities. I am still very sceptical with regard to password managers as SaaS in the cloud – all eggs are in one basket and this basket is often not well enough protected.
The write-up indicates that both of the exploits to get to the Master Password would have required physical access to the device, and one required a root exploit.
