Half the zero day bugs seen in 2022 were variants of old ones, reveals Google Project Zero

Google's research points to superficial mitigation by manufacturers as the cause of repeated exploitation of the same vulnerability.

Gautam S. Mengle | Updated: Tuesday, July 05, 2022, 09:04 PM IST

Half of the zero-day vulnerabilities recorded in the first half of 2022 were simply variations of old ones and could have been prevented had the manufacturers of the affected products made the effort to patch them properly, the latest research states.

The revelation was made by researchers from Google Project Zero (GPZ), a dedicated team of cybersecurity experts and analysts at Google who exclusively focus on zero day vulnerabilities. A ‘zero day’ is so named because it only comes to light when a hacker exploits it. In other words, there are zero days between its discovery and its exploitation. Needless to say, zero days are among the most serious of vulnerabilities for this very reason.

According to GPZ’s research, a total of 18 zero days came to light in the first half of 2022, and out of these, nine were nothing but slightly different versions of zero days exploited in the past.

“At least half of the zero days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 zero days are variants of 2021 in-the-wild zero days. Just 12 months from the original in-the-wild zero day being patched, attackers came back with a variant of the original bug,” GPZ’s Maddie Stone said in an update posted on their official blog.

While the companies affected by these zero days are based all over the world, Indians make up a large part of their consumer base. These companies include providers of operating systems, browsers and software solutions.

Of the nine zero days flagged by GPZ as variants of old ones, three were found in Windows, the most widely used operating system for computers across the globe. This includes the infamous Follina vulnerability which, although exploited since 2021, was only officially acknowledged earlier this year. India is one of the countries in which hackers are reported to have actively exploited Follina.

GPZ’s research details the previous as well as the 2022 versions of the zero days, along with the Common Vulnerabilities and Exposures (CVE) number assigned to each of them, both old versions and new. In every case, GPZ found that the older zero days were only superficially patched and the root cause was not addressed. As a result, hackers were able to get to the root cause of the vulnerability and simply tweak their earlier code to exploit it anew.

“When zero day exploits are detected in the wild, it’s the failure case for an attacker. It’s a gift for us security defenders to learn as much as we can and take action to ensure that that vector can’t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, and they must develop a brand new exploitation method. To do that effectively, we need correct and comprehensive fixes,” Stone said in her post.
