I was so excited to see zero-day in the title, and then I was disappointed that zero-day was in the title.
mrsemi@lemmy.world 5 months ago
[deleted]
brakebreaker101@lemmy.world 5 months ago
Gooey0210@sh.itjust.works 5 months ago
It can be a zero click 🫣
booly@sh.itjust.works 5 months ago
I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?
mrsemi@lemmy.world 5 months ago
booly@sh.itjust.works 5 months ago
I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.
It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.
Syn_Attck@lemmy.today 5 months ago
Yeah… Unless Gen Z changed it, from 2008 to 2017 (when I got out of infosec) a 0day was an exploit that the vendor didn’t know about and wasn’t widely distributed.
I don’t know what the above poster is on about, or who is upvoting them, but that would mean it’s no longer a 0day once you’ve discovered and made your own exploit for the vulnerability.
From wikipedia (still current to our definition, so I assume Gen Z hasn’t changed it):