Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.
The new project, named 0Day ‘In the Wild’, is basically a spreadsheet that Project Zero uses to track vulnerabilities exploited before they became known to the public or the vendor.
The spreadsheet currently lists over 100 vulnerabilities exploited in the wild since 2014. The table includes the flaw’s CVE identifier, impacted vendor, impacted product, the type of vulnerability, a brief description, the date of its discovery, the date when a patch was released, a link to the official advisory, a link to a resource analyzing the flaw, and information on attribution.
The list currently includes vulnerabilities affecting products from Facebook, Microsoft, Google, Apple, Adobe, Mozilla, Cisco, Oracle, IBM and Ghostscript. The zero-days are believed to have been exploited, among others, by APT3, FruityArmor, ScarCruft (APT37), BlackOasis, APT28 (Fancy Bear, Sofacy), Equation Group, AdGholas, APT31, Sandworm, Animal Farm, and the controversial spyware makers NSO Group and Hacking Team.
It’s worth noting that the project does not track every single zero-day exploited in the wild and instead focuses on software that is covered by Project Zero research. For instance, zero-days in the InPage word processor, which is mostly used by people who speak Urdu and Arabic, are not included.
It also doesn’t cover exploits for software that has reached end of life (EOL) by the time it’s discovered, such as the ExplodingCan exploit leaked by Shadow Brokers and patched in 2017, or flaws exploited between the time their details became public and the release of a patch, such as the Windows flaw disclosed in August 2018 by a frustrated researcher on Twitter.
“This data is collected from a range of public sources,” explained Project Zero’s Ben Hawkes. “We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there. The data described in the spreadsheet is nothing new, but we think that collecting it together in one place is useful.”
The data collected so far shows that, on average, an in-the-wild exploit is identified every 17 days, that it takes vendors 15 days to patch an actively exploited flaw, that a detailed technical analysis is published for nearly 90 percent of zero-days, and memory corruption bugs are the root cause of roughly two-thirds of these vulnerabilities.
Related: Google Project Zero Discloses New Linux Kernel Flaw
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- New York Man Arrested for Running BreachForums Cybercrime Website
- Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
Latest News
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Malware Trends: What’s Old Is Still New
- Burnout in Cybersecurity – Can It Be Prevented?
- Spain Needs More Transparency Over Pegasus: EU Lawmakers
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
