An elite squad of computer industry engineers that labored in secret to solve the problem released a software “patch” two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks.
“We are in a lot of trouble,” said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.
“This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please,” Kaminsky said. “This is a big deal.”
Two “exploits,” software snippets that take advantage of the vulnerability, have been unleashed on the Internet in the past 24 hours, Securosis analyst Rich Mogul said during the conference call.