A total of 58 in-the-wild zero-day exploits were detected and disclosed in 2021, more than double the 25 found in 2020. It is the highest count in a single year since Project Zero began tracking them in mid-2014.
But what explains this worrying number? Did attackers get bolder and launch more attacks in 2021? According to Project Zero, the rise is more likely due to better detection and more disclosure by vendors such as Microsoft, Apple, and Google than to a real increase in the use of zero-day exploits.
Project Zero also notes that there may well have been more than 58 zero-day exploits in 2021 that the affected vendors never disclosed. So while it is true that companies are getting better at detecting such attacks, the figure raises the question of how many exploited vulnerabilities there really were, and whether we will ever know the exact number.
Of the 58 exploits, only two were considered truly novel, and both impressed the experts. The first was the first publicly known in-the-wild macOS zero-day, which used a sophisticated exploit chain to install a backdoor. The second was ForcedEntry, used to deliver NSO Group's Pegasus spyware to iPhones through a malicious file disguised as a GIF and sent over iMessage, with no action required from the victim. Apple has since patched both.
The remaining 56 resembled bugs seen before: 67% were memory corruption vulnerabilities, a bug class attackers have used as a jumping-off point for years, and many were close variants of previously reported flaws. Why these bug classes keep recurring is unclear. They may be too difficult or expensive to eliminate wholesale, but it is also possible that closing off whole classes of bugs is simply not a priority for vendors, who patch the reported instance and move on.
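As an added illustration of the variant problem (a constructed example, not code from Project Zero's report or from any real product), the C block below shows a length-checking fix that covers one code path while a second path still reaches the same buffer, beside a hardened form that routes every write through a single bounded writer. The record format, function names and buffer sizes are invented for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not code from Project Zero's report: records are
 * <len:1 byte><payload:len bytes>, decoded into a 16-byte output area. */
#define OUT_CAP 16

/* Fix shipped after the first report: the single-record path now rejects a
 * declared length larger than the output area (or than the input itself). */
static int decode_one_fixed(uint8_t *out, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > OUT_CAP || n > rec_len - 1) return -1;
    memcpy(out, rec + 1, n);
    return (int)n;
}

/* The variant the fix missed: a second entry point decodes two records back
 * to back. Each record is checked against OUT_CAP on its own, but the running
 * total is not, so up to 2 * OUT_CAP bytes reach a 16-byte area. Same bug
 * class, different code path. */
static int decode_pair_incomplete(uint8_t *out, const uint8_t *rec, size_t rec_len) {
    size_t off = 0, written = 0;
    for (int i = 0; i < 2; i++) {
        if (off >= rec_len) return -1;
        size_t n = rec[off];
        if (n > OUT_CAP || n > rec_len - off - 1) return -1;
        memcpy(out + written, rec + off + 1, n);
        written += n;
        off += 1 + n;
    }
    return (int)written;
}

/* Hardened form: one bounded writer that tracks remaining capacity and is
 * used by every decode path, so no variant can write past the area. */
typedef struct { uint8_t *buf; size_t cap; size_t len; } bounded_out;

static int bounded_append(bounded_out *o, const uint8_t *src, size_t n) {
    if (n > o->cap - o->len) return -1;   /* len <= cap always holds */
    memcpy(o->buf + o->len, src, n);
    o->len += n;
    return 0;
}

static int decode_records_hardened(bounded_out *o, const uint8_t *rec,
                                   size_t rec_len, int count) {
    size_t off = 0;
    for (int i = 0; i < count; i++) {
        if (off >= rec_len) return -1;
        size_t n = rec[off];
        if (n > rec_len - off - 1) return -1;   /* stay inside the input */
        if (bounded_append(o, rec + off + 1, n) < 0) return -1;
        off += 1 + n;
    }
    return (int)o->len;
}

/* Constructed input: two 16-byte records, each valid on its own (34 bytes). */
#define TWO_REC_LEN 34
static void make_two_records(uint8_t *buf) {
    buf[0] = 16; memset(buf + 1, 'A', 16);
    buf[17] = 16; memset(buf + 18, 'B', 16);
}

/* Single-record path: accepts exactly OUT_CAP bytes, rejects one more. */
static int demo_one_fixed(size_t payload_len) {
    uint8_t rec[1 + 255], out[OUT_CAP];
    rec[0] = (uint8_t)payload_len;
    memset(rec + 1, 'A', payload_len);
    return decode_one_fixed(out, rec, 1 + payload_len);
}

/* The scratch area is deliberately 2 * OUT_CAP so this demonstration stays
 * memory-safe; the return value is how many bytes the decoder was willing to
 * put into what it treats as a 16-byte area. */
static int demo_incomplete_fix(void) {
    uint8_t in[TWO_REC_LEN], scratch[2 * OUT_CAP];
    make_two_records(in);
    return decode_pair_incomplete(scratch, in, sizeof in);
}

/* Same input through the hardened decoder: one record fits, two are refused. */
static int demo_hardened(int count) {
    uint8_t in[TWO_REC_LEN], out[OUT_CAP];
    bounded_out o = { out, OUT_CAP, 0 };
    make_two_records(in);
    return decode_records_hardened(&o, in, sizeof in, count);
}
```

The point of the contrast is that the first fix is correct for the bug that was reported, yet the bug class survives because the check lives at one call site instead of at the buffer. Centralising the bounds check in bounded_append removes the whole class for every present and future caller, which is the kind of structural hardening that stops the next variant rather than the last one.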
The Project Zero team accepts that zero-day exploits will never disappear entirely. Its goal is to make them much harder and more expensive for attackers to develop and use. That is why the team urges developers everywhere to harden their code against the known memory corruption bug classes, not just the individual bugs that get reported, and to be more open and transparent in disclosing the zero-day exploitation they discover.