So, it used to take at least some time before published 0-day vulnerabilities were weaponized into malicious trojans and other exploit code. Now it appears that they time to develop exploit modules is extremely limited, and possibly in some cases prepared before public release.
As referenced in the slashdot story an Adobe spokesman described that the situation could change with the availability of the public samples and exploit code. I think these types of advisories should be changed to "..the situation has changed, exploit code certainly already exists and has been used privately for some time.."
As referenced in the slashdot story an Adobe spokesman described that the situation could change with the availability of the public samples and exploit code. I think these types of advisories should be changed to "..the situation has changed, exploit code certainly already exists and has been used privately for some time.."
Comments