Do you need physical access to the computer to execute this attack? Do you need to be sitting at the keyboard typing in the evil shell commands?
Physical access, plus admin rights, has -always- been "game over", so maybe this isn't as big a deal as it's made out to be. Nonetheless, worth a close look.