The current zero-day attacks against Adobe Flash Player are not quite zero-day after all. According to new information, Adobe’s security response team knew about the vulnerability since December 31, 2008 (see image below) but it was misdiagnosed as a “data loss corruption” issue.
When word of the attacks surfaced this week, Adobe quickly locked access to the bug ticket with a note that it was “reclassified as a security bug.” Read the full story [zdnet.com]