...reverse engineered a Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them ... All three attacks require the victim to first acquire a malicious program embedded in a downloaded app. The program is designed to spy on the victim's computer ...
The first attack tracks user activity on the web.
In the second attack, the authors extracted user passwords.
The third attack targets a computational application in the cloud.
The researchers reported their findings to Nvidia, who responded that they intend to publish a patch...
Once again, the vulnerability requires a user to download and install a compromised app.
Unknown app, no scanning of the app, just install.
Users can be their own worst enemies
Yet again ... how many people download things like avisynth and its myriad of plugins, vapoursynth and its myriad of plugins, ffmpeg and its myriad of dependencies, x264, x265, etc ?
(excluded mentioning DG's stuff, because DG is self-evidently trustworthy)