Yes; you either downgrade to pre-Constantinople versions (
2.2.4-beta) — this is probably a worse idea, since you will lose some important improvements.
Or you wait for paritytech/parity-ethereum#10163 and paritytech/parity-ethereum#10164 to be released — will happen ASAP.
We're also going to push this update as
critical again — which means that all mainnet parity nodes in default configuration will try to fetch this update via auto-updater.
There are no third parties which can audit eips. I mean, there's no outside person not already deep into ethereum that can audit an eip based on some general body of knowledge. It's quirks upon quirks
@holiman I first learned about the vulnerability from the Chain Security Medium post and assumed they were the ones who discovered it