After the vulnerabilities were disclosed by Google’s Threat Analysis Group (TAG), Apple, Microsoft and Google quickly fixed these bugs.
Zero-day vulnerabilities are unknown software vulnerabilities. As long as they are not identified and fixed, they can be exploited by attackers.
“The four exploits were used in three different campaigns. As is our policy, after discovering these zero days, we promptly reported to the vendor and patches were released to users to protect them from these attacks,” Google said in a statement.
“We assess that three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed players,” the company said.
In the first six months of this year, 33 zero-day exploits used in attacks were publicly disclosed, 11 more than the total number for 2020.
There is no one-to-one relationship between the number of zero-days used in the wild and the number of zero-days detected and disclosed as being in the wild.
“The attackers behind zero-day exploits generally want their zero-days to remain hidden and unknown, because that’s how they are most useful,” Google said.
This year, Apple began annotating vulnerabilities in its security bulletins to include notes if there is reason to believe a vulnerability can be exploited in the wild, and Google has added these annotations to its Android bulletins.
“When providers do not include these annotations, the only way for the public to be made aware of the exploitation in the wild is for the researcher or group that knows of the exploitation to publish the information themselves,” added the TAG team.
Google said improvements in detection and a growing culture of disclosure are likely contributing to the significant increase in the number of zero days detected in 2021 compared to 2020, and that these reflect more positive trends.
“Increasing our detection of zero-day exploits is a good thing – it allows us to remediate these vulnerabilities and protect users, and gives us a more complete picture of the exploitation that is really happening so that we can make more informed decisions on how to prevent and combat it,” the researchers noted.