Ah-ha, I had an epiphany in the shower this morning and realized how to get codeexec in LastPass 4.1.43. Full report and exploit on the way.pic.twitter.com/vQn20D9VCy
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
why are you so mean Tavis???
Talking to the vendor (and by extension protecting their customers) first might annoy a few people.
you are 100% right in this thread. Just so it is clear that some of us are backing you and not whining like babies.
I'd honestly be more concerned if in, say, six months time, more obvious vulns are found. They need to focus on it now.
is the information you provide enough to execute the hack? After documenting, do you provide it to sw maker first? Just wondering.
Do some background reading - Taviso is one of the prolific security researchers around. And yes: disclosure.
My less PC response: If you don't know how software bugs work don't develop security solutions.
Thx for info. It is valuable on its own. I can now as customer decide to not use LP until fixed. Keep up your great work! 
Keep up good work Tavis, wish I could favorite 100x
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.