If they say it’s not a RCE vulnerability, it could still be a privilege escalation vulnerability etc. They avoided saying their software isn’t being exploited or “we have seen no evidence our software has been compromised”, or “there is no clear signs…”.
Yeah, it stood out to me.
It’s always in what they don’t say.
If they say it’s not a RCE vulnerability, it could still be a privilege escalation vulnerability etc. They avoided saying their software isn’t being exploited or “we have seen no evidence our software has been compromised”, or “there is no clear signs…”.
Which gives a little wriggle room.