
Google reveals 'BuggyCow,' a rare macOS zero-day vulnerability - flenter
https://www.wired.com/story/google-project-zero-buggycow-macos-zero-day/
======
saagarjha
Previous discussion:
[https://news.ycombinator.com/item?id=19298515](https://news.ycombinator.com/item?id=19298515)

------
hannasanarion
God damn it Wired, not every security bug is a zero day. The bug was
discovered 94 days ago. 0≠94

Zero-day is when a new virus exploits a previously unknown vulnerability.
There is no virus, and the vulnerability has been known about for over three
months. There is no justification for calling this "zero day" except to beg
for clicks and sound cool.

~~~
daeken
Zero-day is most generally used in security to mean a bug that is released
without a patch. This is a zero day.

~~~
hannasanarion
Day Zero is the day that the developers learn about the vulnerability. If that
day is the same as the day that the public learns of it, or the day that an
attack occurs, then we call it a "zero day vulnerability". We are currently on
94 days since Apple was informed of the bug, making this a 94-day
vulnerability.

~~~
meowface
There are probably three or four different definitions for "zero-day
vulnerability" that many people regularly use. I'd say just roll with it.

