What Causes a Rise or Fall in Fresh Zero-Day Exploits?
Governance & Risk Management
,
Patch Management
Google Report Lauds Transparency and Researchers, Warns Against Incomplete Fixes
Why are so many fresh zero-day vulnerabilities getting exploited in the wild?
See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense
A new study from Google says that last year, 41 new zero-day vulnerabilities were exploited in the wild. While that’s welcome news in terms of recent volume – it’s a 40% decrease from the all-time annual high of 69 in 2021 – it’s still well above the annual average compared to 2015 onward.
Zero-day vulnerabilities are dangerous because they allow attackers – who are oftentimes spies but sometimes criminals – to amass victims, frequently without the victims becoming aware until it’s too late. But simply counting the number of zero-day flaws that are found every year isn’t a guide to whether things are getting better or worse, and also cannot account for how many zero-day exploits are being used in the wild but haven’t yet been detected by the “good guys.”
One reason so many zero-day flaws were discovered last year – over the average since 2015 – is likely thanks in part to vendors being more transparent, said Maddie Stone, a security researcher with Google’s Threat Analysis Group, in a blog post.
Unfortunately, 40% of the new zero-days discovered were variations on zero-day vulnerabilities vendors had already patched. Sometimes, vendor fixes were part of the problem because they added new, exploitable flaws to the code base.
“The…
