My guess is A. they don't have anything new to disclose at this point as far as new 1 click root methods.
B. Am I reading this right? They made google and sprint aware of the vulnerability hence HTC/sprint patching the loophole with the recent ota?
So if they didn't say anything, HTC/Sprint would NOT have included a loophole closure for their "root" method in the OTA and there would have been no need for additional "unrevoked root methods"? Sooo why say anything at all?
Anyway, here's the disclosure...for what it's worth.
On edit: So that sprint rep Could see I Downloaded ATK after all. Actually the question of whether he DID or DIDN'T is no longer important. The question of "could he if he wanted to" has been answered.
"
However, the security vulnerabilities present in skyagent are of less cause for concern than the purpose of the program. It appears that the binary was designed as a backdoor into the phone, allowing remote control of the device without the user's knowledge or permission. When the program is invoked, it listens for connections over TCP (by default, port 12345, on all interfaces, including the 3G network!) that accepts a fixed set of commands".
http://unrevoked.com/rootwiki/doku.p...ed1_disclosure