Google Project Zero comes from publish a report showing an analysis of zero-day vulnerabilities (computer vulnerabilities that have not been the subject of any publication or have no known patch) detected and actually exploited during 2021. The cybersecurity industry has progressed. 60 zero-day flaws were detected in 2021 compared to 23 in 2020.
The cybersecurity industry has improved its ability to detect
Since 2014, when Google researchers began looking for computer vulnerabilities, the number of zero-day flaws discovered each year had never exceeded 30. This year 2021 is exceptional for several reasons. First of all, it should be pointed out that the number of cyberattacks has increased. This phenomenon has therefore directly led to an evolution of hacking methods. According to the researchers, this spectacular jump in discoveries is mainly due to the fact that the cybersecurity industry has generally improved its ability to detect flaws.
Exploited vulnerabilities in the Apple ecosystem increased by 467% in 2021
The evolution of zero-day fault discoveries. Image: Google Project Zero.
Individually or collectively, there are more and more experts studying this phenomenon. Giants like Google and Microsoft are also doing a lot more to anticipate and stop attempts to exploit their own products. This is a good thing, because they are the ones who have the most data and knowledge on the subject. Precisely, the two American giants detected 17 zero-day flaws in their products in 2021 (7 for Google and 10 for Microsoft), against only 5 in 2020.
Many zero-day flaws among web giants
Google Project Zero experts find that the zero-day flaws detected in 2021 are not fundamentally different from those of previous years. Hackers generally continue to use the same methods. A finding that suggests that technology companies can’t seem to get rid of these code flaws. As long as this situation persists and the cybersecurity level of companies is low, it will be difficult to reduce hacking. Google Project Zero researchers have set themselves a goal for the next few years: to make hacking more difficult and more expensive for cybercriminals. There is still work.
At Apple, 7 zero-day flaws have been discovered in the past yearagainst only 1 in 2020. In addition, another report ofAtlasVPN recently showed that exploited vulnerabilities in the Apple ecosystem increased by 467% in the year 2021. Among the most dangerous vulnerabilities for Apple devices is CVE-2021-30858, with a severity score of 8.8 . This vulnerability affected iPhones and iPads with iOS version 14.8, as well as Mac devices with macOS Big Sur 11.6.