Google reports a massive amount of cross-industry zero-day exploits for 2021

By Scott Marlette Last updated Apr 21, 2022

Google’s Project Zero team, a unit of security analysts employed to find zero-day vulnerabilities, recently released its report for 2021 (via Android Police). 0-day exploits are vulnerabilities that are either unknown to a program’s developer or discovered but not yet patched.

A total of 58 zero-day exploits were detected and disclosed in 2021, which is almost double the amount found in 2020 when there were 25. It is a record number of reports in a year since Project Zero began tracking them, back in mid-2014.

But what is the reason for this concerning number? Is it because hackers got bolder and launched more attacks in 2021? According to Project Zero, it is more likely due to increased detection and disclosure by companies such as Microsoft, Apple, and Google rather than an increase in the use of zero-day exploits.

Project Zero shares that it’s highly possible that there were more than 58 zero-day exploits in 2021, but vendors didn’t inform about them. So, although it is true that companies are becoming better at detecting such attacks, it makes us wonder how many exploited vulnerabilities really happened, and will there come a time when we will really know the exact number?

Of all the 58 discovered exploits, only two were entirely new — and they managed to wow the experts. The first one is the first-ever publicly known macOS zero-day, using sophisticated code to install a backdoor. The second one is the ForcedEntry exploit, used to distribute the Pegasus hack on iPhones by injecting malicious code via an innocent GIF sent to iMessage. Both of these were later patched by Apple.

The rest were variations of known but unpatched weaknesses, with 67% being variants of memory corruption vulnerabilities, which hackers have been using as jumping off points for their attacks for a while now. It is unknown why these issues have not yet been resolved. It’s possible that they are too difficult or expensive to patch, but there is also the possibility that these vulnerabilities aren’t a priority for the vendors to fix.

The Project Zero team knows that there will always be the potential for 0-day exploits. However, its mission is to make it much harder and more resource-heavy for hackers to actually utilize them. That is why the team implores developers all around to focus on strengthening areas around the known memory corruption vulnerabilities, as well as be more open and transparent when reporting their own zero-day discoveries.Enable GingerCannot connect to Ginger Check your internet connection
or reload the browserDisable in this text fieldRephraseRephrase current sentenceEdit in Ginger

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.