zlacker

>>myster+(OP)
Can someone help clarify this for me?

Is it correct to say that users would only get the compromised version if they downloaded from the website?

Notepad++ has auto-update feature, is there any indication that updates from the AutoUpdate were compromised?

>>wglass+zc
No, it's specifically the updates that were targetted. I'm unsure about the downloads but those too are presumably at risk.

> The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.