by eekfuh 1174 days ago
Not to be pedantic, but it’s not a 0-day when the patch for the vuln was released before the exploit was executed.
2 comments

From the article:

> Lookout’s forensic analysis of two Pinduoduo APK app samples released prior to March 5 ... has determined that both contain malicious code that exploits CVE-2023-20963, the Android privilege-escalation vulnerability that wouldn’t become public until March 6 and wouldn’t be patched in user devices for up to two weeks later.

You're right, I think it was a 14-day.

> Google patched in updates that became available to end users two weeks ago.

Though it says it was exploited before Google's disclosure (not sure if disclosure is referring to the timing of the patch, but the linked Google post is from 6th March).

> This privilege-escalation flaw, which was exploited prior to Google’s disclosure

Many Android devices are still not available to be updated. For example, Verizon Pixel 6 users did not receive this patch until yesterday.