• booly@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    9 months ago

    disclosed active exploitation

    So, not a fucking zero day.

    I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?

      • booly@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        ·
        9 months ago

        A zero day is an exploit that has been identified by someone but not yet used.

        I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.

        It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.

        • Syn_Attck@lemmy.today
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          9 months ago

          Yeah… Unless Gen Z changed it, from 2008 to 2017 (when I got out of infosec) a 0day was an exploit that the vendor didn’t know about, and that only a few people knew about (otherwise it would be quickly known about by the vendor.)

          I don’t know what @mrsemi@lemmy.world is on about, or who is upvoting them, but that would mean it’s no longer a 0day once you’ve discovered and made your own exploit for the vulnerability.

          From wikipedia (still current to our definition, so I assume Gen Z hasn’t changed it):

          A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it.[1] Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.