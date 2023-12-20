The Digital Source For China's Tech Innovation Since 2000

Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price

December 20, 2023
Source: arstechnica.com arstechnica.com
Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers. The breach, which was carried out by exploiting a vulnerability in network hardware sold by Citrix, gave hackers access to usernames and cryptographically hashed passwords for 35.9 million Xfinity customers, the cable TV and Internet provider said in a notification filed Monday with the Maine attorney general’s office. Citrix disclosed the vulnerability and issued a patch on October 10. Eight days later, researchers reported that the vulnerability,...
