18 Zero-Days Exploited So Far in 2022

Published: 23/11/2024   Category: security




It didn't have to be this way: So far, 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.



So far this year, a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild, according to an analysis – and half of those were preventable flaws.
According to Google's Project Zero, nine of the issues were simply variants of previously patched bugs, with four being variants of previous 2021 in-the-wild zero-day bugs. Since these are closely related to security weaknesses that have been seen before, it blows a hole in the theory that zero-day exploits are so advanced that defenders can't hope to catch them, Project Zero's Maddie Stone notes.
"[After] the original in-the-wild zero-day [was] patched, attackers came back with a variant of the original bug," she explains in a Thursday blog post. "Many of the 2022 in-the-wild 0-days are due to the previous vulnerability not being fully patched."
The slate of 2022 zero-days affects a wide range of platforms, including Apple iOS, Atlassian Confluence, Chromium, Google Pixel, Linux, WebKit, and, of course, Windows (including the Follina and PetitPotam vulns).
In some of these cases (Windows win32k and Chromium), the proof-of-concept attack path was patched but not the root cause, so attackers could trigger the original vulnerability through a different path. In other cases, such as PetitPotam, the original vulnerability was patched but at some point regressed so that attackers could exploit the same vulnerability again, Stone says.
"The goal is to force attackers to start from scratch each time we detect one of their exploits: they're forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method," she says. "To do that effectively, we need correct and comprehensive fixes."
