I would be interested to know how long this vulnerability was unknown. Seems like security is only as good as how fast we can find patches to CVEs and communicate globally vs the exploiters