Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year.
The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020.
"The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher Maddie Stone said.
"Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces," Stone added.
The tech giant's in-house security team characterized the exploits as similar to previous and publicly known vulnerabilities, with only two of them markedly different for the technical sophistication and use of logic bugs to escape the sandbox.
Both of them relate to FORCEDENTRY, a zero-click iMessage exploit attributed to the Israeli surveillanceware company NSO Group. "The exploit was an impressive work of art," Stone said.
The sandbox escape is "notable for using only logic bugs," Google Project Zero researchers Ian Beer and Samuel Groß explained last month. "The most striking takeaway is the depth of the attack surface reachable from what would hopefully be a fairly constrained sandbox."
A platform-wise breakdown of these exploits shows that most of the in-the-wild 0-days...
Read Full Story: https://thehackernews.com/2022/04/google-project-zero-detects-record.html
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.
