2 min read

Google's Project Zero Tracked 58 0Zero-Day Vulnerabilities Active in the Wild in 2021 Alone

Silviu STAHIE

April 21, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google's Project Zero Tracked 58 0Zero-Day Vulnerabilities Active in the Wild in 2021 Alone

Google revealed that its Project Zero team tracked 58 zero-day vulnerabilities used in the wild, the most since the program's inception in 2014.

Zero-day vulnerabilities are one of the most challenging security issues, which also means that many people are looking for them. Unfortunately, that means security researchers and malicious actors alike. Because a zero-day vulnerability can give attackers the tools needed to compromise a device, network or other types of infrastructure, an entire industry is built on the back of these exploits.

The number 58 might not seem like a lot, but we have to remember these vulnerabilities have been spotted in the wild and used in attacks. Even worse, they are only the ones we know about.

"While we often talk about the number of 0-day exploits used in-the-wild, what we're actually discussing is the number of 0-day exploits detected and disclosed as in-the-wild," said Google Project Zero's Maddie Stone. "And that leads into our first conclusion: we believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits."

Companies and other parties have likely disclosed more security incidents, leading to this massive uptick in the number of zero-days.

The good news is that the attacks don't seem to have evolved significantly, from a technical standpoint, compared with last year or the years before. With a couple of exceptions, most zero-days have been similar to what's been used before.

"Only two 0-days stood out as novel: one for the technical sophistication of its exploit and the other for its use of logic bugs to escape the sandbox," Maddie explained.

The problem is that attackers don't say when they're using zero-days, and not all companies reveal attacks. Some don't even know they've fallen victim. This means that it's impossible to know how many other zero-days are still in the wild and unaccounted for, nor if the 58 Google tracked are a minority or a majority.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read
Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside
Silviu STAHIE

June 30, 2022

2 min read