Nope, 0-day means it was exploited in the wild before the company knew about it. Basically, the company had to rush to patch it because it was already being exploited. It means black-hat hackers found it and exploited it before the white/grey-hat hackers reported it. If white-hat hackers found it first, they’d have already alerted the company and given time to patch it before they announced the vulnerability. But since the black-hat hackers found it first, it was a 0-day.
Comment on Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
sourhill@lemmy.sdf.org 4 weeks agoZero-day means the company had 0 days to fix it before the exploits were made public. Maybe the headline is wrong?
mic_check_one_two@lemmy.dbzer0.com 4 weeks ago
SnotFlickerman@lemmy.blahaj.zone 4 weeks ago
Perhaps, either that or they made a very quick fix making updates to address them the day before this patch release.
MrNesser@lemmy.world 4 weeks ago
Nope 0 days means
Zero-day vulnerability: A software flaw that attackers discover before the developer does.
Zero-day exploit: The method hackers use to take advantage of this unknown vulnerability.
Zero-day attack: An attack that uses a zero-day exploit to damage a system, steal data, or plant malware before a patch is available. This is a serious risk because no defenses are in place for this specific flaw yet.
The first is the most common one found in the press and is usually reported to the company so they can patch it, before press release.
frongt@lemmy.zip 4 weeks ago
But it would be weird to call something a “zero-day” if it wasn’t being exploited. Like if I discover a vuln, it shouldn’t be considered a zero-day, even if I report it, if I’m not exploiting it in the wild.
Cethin@lemmy.zip 4 weeks ago
It was exploited. That’s how they proved it worked. They just didn’t exploit it to do anything nefarious.
sourhill@lemmy.sdf.org 4 weeks ago
Ahh TIL. Thanks for the clarification!
Attacker94@lemmy.world 4 weeks ago
Maybe I was just missing pertinent information, but I thought a zero day was an attack that could be exploited in a very short time frame that has remained unpatched, I didn’t realize there was a hierarchy to the different stages.