• Square Singer@feddit.de
    7 months ago

    If the vulnerability is in the wild, what other security mechanisms do you have until it’s patched?

    • oce 🐆@jlai.lu
      7 months ago

      In this case, downgrading to the unaffected version. If there’s no possible downgrade, stopping the compromised system until it is fixed.
      Keeping the vulnerable system up because you think nobody else should know is a bet; I don’t think it’s sound. State actors are investing a lot to find and exploit those vulnerabilities, and in this case probably even funded the implementation of the vulnerability, so I think you should assume that any vulnerability you discover is already being used.