Successful exploitation requires a combination of specific conditions. An attacker must first gain physical access to a target eUICC and use publicly known keys," Kigen said. “This enables the attacker to install a malicious JavaCard applet.”
If an attacker has physical access, they can do whatever the fuck they want with the device. All bets are off.
If I had physical access to a server, I could just fucking drop in my own hard drive full of malware if I wanted to. It doesn’t matter how good the security software/firmware is on the server, when I can physically remove that software/firmware and substitute my own. That doesn’t mean every single server is “exposed to malicious attacks” as is colloquially known.
If an attacker has physical access, they can do whatever the fuck they want with the device. All bets are off.
If I had physical access to a server, I could just fucking drop in my own hard drive full of malware if I wanted to. It doesn’t matter how good the security software/firmware is on the server, when I can physically remove that software/firmware and substitute my own. That doesn’t mean every single server is “exposed to malicious attacks” as is colloquially known.