2021 was a record year in terms of the number of zero-day vulnerabilities in software like Windows, Safari, iOS, Firefox, and Exchange. Last year, Google’s Project Zero (GPZ) recorded a total of 58 vulnerabilities that were exploited in the wild before a patch from the manufacturer was available.
The number is more than double the annual detection rate of zero-day exploits in the wild since GPZ began tracking zero-days in mid-2014.
Zero days discovered in the wild represent a “failure” for attackers, notes Maddie Stone, a researcher at Project Zero, in a blog post. She also pointed out that “without the exploit pattern or a detailed technical report based on the pattern, we can only focus on remediating the vulnerability rather than mitigating the exploitation method as well.”
Google demands broader access to details about known zero-day vulnerabilities
According to Google, this means that attackers can continue to use their existing exploit methods. Attackers are not forced to invest in new methods.
Google hopes more software vendors will disclose that vulnerabilities are already being actively exploited. It is also necessary to make patterns of exploits and detailed technical descriptions accessible to a larger group of researchers.