One of the core themes in the latter half of the book was how the government obtains zero-days, and then has a "committee of government and industry experts" that think about responsible disclosures, assuming the government is willing to "concede" the "national security advantage" of not disclosing the vulnerability.
Most vulnerabilities don't get disclosed.
Most systems go unpatched.
Just so the USG can exploit foreign systems.
It's very possible this particular vulnerability was found, but it's potential for spying outweighed the concern for patching.
One of the core themes in the latter half of the book was how the government obtains zero-days, and then has a "committee of government and industry experts" that think about responsible disclosures, assuming the government is willing to "concede" the "national security advantage" of not disclosing the vulnerability.
Most vulnerabilities don't get disclosed.
Most systems go unpatched.
Just so the USG can exploit foreign systems.
It's very possible this particular vulnerability was found, but it's potential for spying outweighed the concern for patching.
We'll never know.