by saagarjha 1177 days ago
> Maybe Google could benefit from having you train customer service for a few days ;)

Customer service? What customer service? :P

> That said, couldn't an exploit simply turn off security updates?

Sure, but I was thinking more along the lines of if you have a widespread issue then people will write about it and how to restart the device to clear the infection, turn off remotely exploitable surface area, etc. For example I know a lot of people would turn off iMessage when the effective power stuff was going on since it was so easy to exploit and used widely to troll.

> Why wouldn't this have been a goldrush to exploit by unsophisticated attackers? Maybe I'm missing something?

Right, this isn’t an 0-day anymore, because Google knows about it. Some of the bugs also have patches available, making those effectively public. Apparently, some are not fixed yet and also easy to exploit, for which Project Zero has made a rare exception and not disclosed.

In general, if an exploit remains unpatched for a while, it will actually start being exploited by opportunistic attackers. Some exploits are actually really easy to launch, because they are simple or someone left a PoC online. Those can and do get spammed en masse by things like ad networks and generic malware.

For more complex exploits, or partial patches, you’ll often need a sophisticated attacker to actually design the exploit once the bug is known. Those ones are not generally in the business of hacking a million people and trying to get their credit card information. Top vulnerability developers are frighteningly fast in how quickly they can make a working exploit out of a patch that they diffed. To my knowledge, it’s more reliably lucrative and safer for them to sell it to people who use them for targeted attacks, so that’s what they do.

Anyways, here I suspect the answer is “the ones that are public are hard to exploit” and “the ones that are not public might actually be dangerous and were withheld for exactly that reason”.