Two days ago we wrote about
CVE-2016-4171, a security vulnerability that doesn’t
have a fancy name, but if it did, it might be
FourthTimeUnlucky.
That’s the bug that necessitated the fourth Adobe zero-day Flash update in four months, following similar patches that shipped in
March,
April and
May 2016.
A
zero-day is a security exploit that comes out before any updates were available, thus giving even the most zealous sysdamin zero days of advance warning to patch against it.
And a
security exploit is a bug that crooks can use not only to crash your computer, but also to gain control over it from the other side of the world without warning.
The silver lining, if you want to find one, is that some zero days, being new and not very well tested, don’t work reliably on all computers.
Furthermore, not all zero days are immediately widely available in the cybercriminal underground, because the crooks who figured them out want to keep them to themselves for a while.
But that’s only if you want to find a silver lining.
