| ▲ | wglass 5 hours ago | |
Can someone help clarify this for me? Is it correct to say that users would only get the compromised version if they downloaded from the website? Notepad++ has auto-update feature, is there any indication that updates from the AutoUpdate were compromised? | ||
| ▲ | jszymborski 5 hours ago | parent [-] | |
No, it's specifically the updates that were targetted. I'm unsure about the downloads but those too are presumably at risk. > The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++. | ||