Reading through that twitter threads and some referenced links, it looks like they've found a vulnerability in the four way handshake, most likely a vulnerability in common implementations of the RNG. Likely implications include successfully impersonating a secure network, and decrypting data.

As you say, though, we won't know anything for certain until the full details are released tomorrow, at which time we all hope that Aruba already quietly slipped in a fix when no one was looking =)