Lazy software fixes are creating even more problems for security teams
Many new zero-days are spin-offs of old vulnerabilities
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Quick fixes for zero-day vulnerabilities are giving rise to fresh issues for security teams, a newGooglereport suggests.
According to cybersecurity researchers at Google Project Zero, half of the 18 zero-days found in major software this year could have been prevented had developers done a better job atpatchingthe original flaw.
What’s more, four of the zero-days discovered this year are spin-offs of bugs originally identified in 2021.
Browsers are a major target
“At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests,” said Maddie Stone, one of the researchers.
“On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug.”
In total, there were more zero-days discovered in 2021 than in the past five years. But while sloppiness may be a contributing factor, it’s not the only cause of this rise, it was said.
Google says 2021 was a record year for zero-day hacks>This dangerous Microsoft Office zero-day is now being exploited in the wild>Best identity theft protection of 2022
There’s also the fact that, since the demise of the Flash player, cybercrooks have turned their attention towardsbrowsersas their next biggest target. There’s also the fact that browsers have become so big that their code volume rivals that of certainoperating systems.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To top it off, researchers have probably gotten better at detecting zero-days being exploited onendpointsin the wild than they were five years ago.
Google itself has patched four zero-day vulnerabilities in its Chrome browser, this year alone.
ViaZDNet
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report
