This is bad but the bigger question I have is: given this was allowed to ship, what other exploits exist like this across their portfolio?