Hacker News

FTA: But to simplify my first security experiment with Fuchsia, I decided to disable SMAP and SMEP in the script starting QEMU and create the fake vtable in my exploit in the userspace

I don’t see them re-enabling it later, so yes, they found security problems, but they didn’t show a complete attack, either.




Also from the start they introduce a bug in the kernel (in the TimerDispatcher implementation), and this is the very bug they focus on and eventually write an exploit for.

They explain why they do so, and the article is extremely valuable as a first step and tutorial to get started in Zircon kernel hacking. They also find some actual issues, including one CVE. But I disagree the article shows how "unsecure Fuchsia is as a result of being unfinished".



