Google published a report on the zero-day vulnerabilities of 2022

Zero day is a broad term that describes security vulnerabilities that are unknown to users and to the manufacturer or developer.

A few days ago the Google security team published, in a blog post, a report covering the 0-day vulnerabilities collected last year (2022) for which exploits appeared before patches were developed for the affected software.

In the report, they mention that during 2022 the Project Zero team identified 41 0-day vulnerabilities (40% fewer than those found in 2021) and that, despite the notable decrease, the number continues to be higher than the average of the previous 6 years.

This is Google's fourth annual review of 0 days exploited in the wild [2021, 2020, 2019] and builds on the 2022 mid-year review. The goal of this report is not to detail each individual exploit, but rather to analyze the exploits of the year as a whole, looking for trends, gaps, lessons learned and successes.

Graph of the number of zero-day vulnerabilities in recent years

The report mentions that the emergence of a large number of zero-day vulnerabilities is potentially facilitated by factors such as attackers' continued need for exploits to carry out attacks and the simplification of methods for finding such vulnerabilities. In addition, patches are now applied faster, which makes it necessary to look for vulnerabilities of this type instead of relying on already known problems. Poor patching is also a factor, as it allows exploit writers to find new attack vectors for known vulnerabilities.

For example, more than 40% (17 of 41) of zero-day exploits identified in 2022 were related to previously patched and publicly disclosed vulnerabilities. Such an opportunity arises due to insufficiently complete or low-quality fixes for vulnerabilities - developers of vulnerable programs often fix only a special case or simply create the appearance of a fix without getting to the root of the problem. Such zero-day vulnerabilities could potentially have been prevented with further investigation and remediation of the vulnerabilities.

The decrease in the number of 0-day vulnerabilities compared to 2021 can be explained by several factors: more time, knowledge and money are needed to create exploits; the number of exploitable vulnerabilities is decreasing due to the more active use of protection methods; and new exploitation techniques often have to be developed for each exploit.

The decline in 0-day vulnerabilities may also be due to the use of simpler attack methods such as phishing and malware distribution. It may also be affected by attackers' ability to get by with exploits for known vulnerabilities, because users delay applying fixes.

The report concludes that exploits for already patched N-day vulnerabilities in Android are no less effective than 0-day vulnerabilities, because vendors are slow to produce updates. For example, even if Google quickly fixes a vulnerability in the Android core platform, the fix may not be available to most users until months later, as end-device manufacturers are often slow to port fixes to their firmware revisions.

An example is the CVE-2022-3038 vulnerability identified in the Chrome 105 browser engine and fixed in June 2022. This vulnerability remained unpatched for a long time in vendor-specific browsers such as Samsung Internet. In December 2022, attacks on Samsung users using an exploit for this vulnerability were disclosed (in December, the current version of Samsung's Internet browser continued to use the Chromium 102 engine, released in May 2022).
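The patch gap described above can be measured from the defender's side by inventorying the Chromium engine version that downstream browsers report. The following is an added example, not code from the Google report or from this article; it assumes the fix for CVE-2022-3038 first shipped in Chromium major version 105 (the version the article associates with it), and the User-Agent strings are constructed samples.

```python
import re
from collections import Counter

# Assumption: first Chromium major version that carries the fix.
FIXED_MAJOR = {"CVE-2022-3038": 105}

# Engine token present in Chromium-based User-Agent strings.
ENGINE_RE = re.compile(r"\b(?:Chrome|Chromium)/(\d+)\.")
# Product tokens some downstream Chromium-based browsers add to the UA.
DOWNSTREAM_RE = re.compile(r"\b(SamsungBrowser|EdgA|Edg|OPR)/(\d+(?:\.\d+)*)")


def classify(ua):
    """Return (browser, browser_version, engine_major), or None if not Chromium-based."""
    engine = ENGINE_RE.search(ua)
    if not engine:
        return None
    down = DOWNSTREAM_RE.search(ua)
    if down:
        return down.group(1), down.group(2), int(engine.group(1))
    return "Chrome", engine.group(1), int(engine.group(1))


def patch_gap(user_agents, cve):
    """Count clients per (browser, engine_major) whose engine predates the fix."""
    fixed = FIXED_MAJOR[cve]
    exposed = Counter()
    for ua in user_agents:
        info = classify(ua)
        if info and info[2] < fixed:
            exposed[(info[0], info[2])] += 1
    return exposed


# Constructed sample input, e.g. as it would appear in proxy or web-server logs.
SAMSUNG_UA = ("Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-G991B) AppleWebKit/537.36 "
              "(KHTML, like Gecko) SamsungBrowser/19.0 Chrome/102.0.5005.125 Mobile Safari/537.36")
SAMPLE_UAS = [
    SAMSUNG_UA,
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36",
    SAMSUNG_UA,
    "Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0",
    "Mozilla/5.0 (Linux; Android 11; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.97 Mobile Safari/537.36",
]

if __name__ == "__main__":
    for (browser, major), count in patch_gap(SAMPLE_UAS, "CVE-2022-3038").items():
        print(f"{browser} on Chromium {major}: {count} client(s) below the fixed engine version")
```

User-Agent strings are supplied by the client, so the result is an inventory signal for prioritizing updates rather than proof of exposure.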

At the same time, for browsers, exploit writers' interest is shifting in favor of 0-click exploits over 1-click exploits. 0-click refers to vulnerabilities that do not require user action, usually affecting components other than the browser code itself.

It is mentioned that 0-click vulnerabilities are difficult to detect because:

  • They are short-lived.
  • They often have no visible indicator of their presence.
  • They can target many different components, and vendors do not always realize all the components that can be accessed remotely.
  • They are delivered directly to the target instead of being widely available, as in a watering hole attack.
  • They are often not hosted on a browsable website or server.

With 1-click exploits, by contrast, there is a visible link that the target must click for the exploit to be delivered. This means that the target or security tools can detect the link. The exploits are then hosted on a server browsable at that link.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

