Perhaps, either that or they made a very quick fix making updates to address them the day before this patch release.
Comment on Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
sourhill@lemmy.sdf.org 19 hours agoZero-day means the company had 0 days to fix it before the exploits were made public. Maybe the headline is wrong?
SnotFlickerman@lemmy.blahaj.zone 18 hours ago
MrNesser@lemmy.world 18 hours ago
Nope 0 days means
Zero-day vulnerability: A software flaw that attackers discover before the developer does.
Zero-day exploit: The method hackers use to take advantage of this unknown vulnerability.
Zero-day attack: An attack that uses a zero-day exploit to damage a system, steal data, or plant malware before a patch is available. This is a serious risk because no defenses are in place for this specific flaw yet.
The first is the most common one found in the press and is usually reported to the company so they can patch it, before press release.
frongt@lemmy.zip 18 hours ago
But it would be weird to call something a “zero-day” if it wasn’t being exploited. Like if I discover a vuln, it shouldn’t be considered a zero-day, even if I report it, if I’m not exploiting it in the wild.
Cethin@lemmy.zip 10 hours ago
It was exploited. That’s how they proved it worked. They just didn’t exploit it to do anything nefarious.
sourhill@lemmy.sdf.org 18 hours ago
Ahh TIL. Thanks for the clarification!