
Congrats to the team.

I looked briefly at the relnotes[1], there is some scary stuff, such as this vulnerability in ping(1): https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15...

Since a lot of code is shared between BSDs, I wonder if others have the same vulnerabilities.

1: https://www.freebsd.org/releases/12.4R/relnotes/



This vulnerability was very much overblown.

(1) capsicum prevents the attacker from doing anything but making malicious network requests

(2) this is just a stack overflow, for ACE the attacker needs to fit their payload in under 40 bytes


This ping vuln is not shared anywhere. It is based on a FreeBSD-specific "optimization" from 2019. Other pings are totally different; I also have my own ping, and it's not affected.


> The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.


I would assume there's some level of communication between the various security teams, enough that someone would check if OpenBSD/macOS had the same bug before they went public with it, at least.


Note that, thanks to capsicum(4), this vulnerability is not very exploitable.


Thanks, I didn't know about capsicum(4) and I completely overlooked the mention of sandboxing in the impact section.


