In 2022, the detection of zero-day exploits in the wild decreased by 40% compared to the previous year.Â
41 in-the-wild 0-days were detected, the second-highest count since 2014, but lower than the 69 found in 2021.
While a 40% drop appears as a security win but, the reality is more complicated than it seems. Despite the drop, 41 zero days in the wild is significant, and declining numbers don’t necessarily indicate improved product security or better detection by defenders.
41 Zero-days Detected
Google’s 2020 finding of 25% exploited zero-days linked to disclosed vulnerabilities increased to over 40% in 2022, with 17 of 41 zero-days connected. Over 20% were variants of previous zero-days, seven from 2021 and one from 2020.
In 2022, 18 organizations were credited across the 41 in-the-wild 0-days, highlighting the importance of a large workforce tackling this problem.
Analyzing 2022 0-days, Google researchers anticipate industry focus in the following areas:-
- Enhance patching to promptly address variants and n-days posing as 0-days.
- Platforms adopt browser-like mitigations to reduce the exploitability of entire vulnerability classes.
- Make sure to increase transparency and collaboration between vendors and defenders to detect exploit chains across multiple products.
The 0-days detected and disclosed in the wild serve as one of many indicators for security experts, who attribute the 40% drop from 2021 to 2022 to a mix of improvements and regressions, leading to a higher-than-average count in 2022.
Gaps between upstream vendors and downstream manufacturers enable n-days to act as 0-days due to the lack of available patches, leaving users with limited defenses. Android experiences more prevalent and extended gaps in such associations.
Alongside the general decrease in detected zero-days, browser zero-days reduced by 42% in 2022, possibly due to increased exploit mitigations by manufacturers and attackers shifting focus to other areas.
In 2022, attackers also favored zero-click exploits, targeting non-browser components like iMessage.
One-click exploits require a visible link that targets must click, potentially detectable by security tools, with the exploits hosted on a server at that link that is navigable.
In the second half of 2023, their 0-days in-the-wild program moves from Project Zero to TAG, combining vulnerability analysis, detection, and threat actor tracking expertise in one team – introducing TAG Exploits.
Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.