Their wording is actually quite deliberate. They say there isn’t one being exploited, but they do not explicitly say that there isn’t a RCE vulnerability.
It stinks of lawyers checking the press release. They can’t say “there is none” in the offchance that someone, sometime finds one. Then clients could point to this press release saying “SEE, YOU TOLD US THERE WAS NONE AND 25 YEARS LATER WE FOUND ONE”. I bet they are telling the truth, just ran through a lawyer and PR team.
If they say it’s not a RCE vulnerability, it could still be a privilege escalation vulnerability etc. They avoided saying their software isn’t being exploited or “we have seen no evidence our software has been compromised”, or “there is no clear signs…”.
So if it isn’t a RCE vulnerability, what vulnerability is it?
Their wording is actually quite deliberate. They say there isn’t one being exploited, but they do not explicitly say that there isn’t a RCE vulnerability.
It kinda stinks of ass coverage.
“I did not have sexual relations with that woman”
It stinks of lawyers checking the press release. They can’t say “there is none” in the offchance that someone, sometime finds one. Then clients could point to this press release saying “SEE, YOU TOLD US THERE WAS NONE AND 25 YEARS LATER WE FOUND ONE”. I bet they are telling the truth, just ran through a lawyer and PR team.
Yeah, it stood out to me.
It’s always in what they don’t say.
If they say it’s not a RCE vulnerability, it could still be a privilege escalation vulnerability etc. They avoided saying their software isn’t being exploited or “we have seen no evidence our software has been compromised”, or “there is no clear signs…”.
Which gives a little wriggle room.