Bitcoin Forum
1  Bitcoin / Electrum / Re: Electrum 4.2.2 Released on: November 30, 2022, 07:19:54 AM
Eric from https://www.Unciphered.com here:

If you want to see the attack in action it starts at 17:28 - https://www.youtube.com/watch?v=yMz_Gfxkkks in our talk: SEC-T 0x0E: Eric Michaud & Tom Smith - Crypto Vuln Cornucopia - From the archives of Team Kairos.

The vulnerability we found existed from 2.1 through every version up to now, 4.2.1, and in forks of Electrum Wallet. In the talk we disclose the most utilized wallets by user base, beyond Electrum Wallet, that patched in a coordinated disclosure. The EW team was great to work with.

The reality of the vulnerability is that we wrote the Windows exploit in about a week once we determined the flaw, which was a Python Open statement. People who specialize in writing exploits for, say, iOS could potentially take the vulnerability and write an exploit for iPhone. We just wanted to prove we could get shell and/or steal a wallet, which we did.

After that we reached out as fast as we could to get this patched. We wouldn't be surprised if someone wanted to write an exploit for TAILs/iOS/Android/Mac/etc etc each in the future for the versions from 4.2.1 and backwards.

Happy to chat more about this and other vulnerabilities we're discovering during work.

-E.