I’ll bet the Intel management engine is just as “vulnerable”. The only context this is likely a concern is large scale corpo deployments, without verified supply chains to the source. Love how the security researcher handwaves that there’s “plenty of existing exploits” that can be used to install the exploit into the SMM, without giving any suggestions of how.
But the CEO’s third luxury yacht? What about that?