Source: Hacker News
Article note: Shown exploit isn't root (or even arbitrary code execution), but they did cobble a little drawing-a-user-controlled-graphic PoC by doing ROP in the userspace... less than 5 hours after release.
Comments Source: Hacker News