by greenyoda 4630 days ago
"I'm curious as to why FireEye chose not to disclose the library."

For the same reason that most responsible security researchers don't disclose zero-day threats: to prevent people from exploiting them before they can be fixed. In this case, they did notify Google, which can pull the compromised apps out of their app store and notify the developers who've used this library that they need to rewrite their apps.