We privately disclosed the vulnerability to the MakerDAO team, and we have been working together in the past few days on a code fix and a mitigation plan.
After reviewing the amended contract, we can confirm that the vulnerability has now been fixed. The security of the MKR token contract is not affected by our findings.
If you are a user of MakerDAO, head to their reddit post to understand if you need to take action.
We will provide a detailed technical analysis of the vulnerability and fix once the mitigation plan has come to an end.