Zero-days are vulnerabilities that are new on the scene, meaning they don’t have a fix or patch ready. This aspect makes early detection crucial. The detection of 58 zero-days in 2021 signifies more than a two-fold increase from the 25 exploits discovered in 2020. Google believes the higher number of zero-days detected in 2021 is likely due to a more aggressive detection process aided by companies like Apple, Microsoft, and of course, Google. In 2019, Google’s Project Zero team notified Apple of a security vulnerability on the iPhone, affecting users running iOS 10 through iOS 12. The company explained that up to 67% of the zero-days found in 2021 were variations of existing memory-corruption vulnerabilities. Meanwhile, only two zero-days were new, targeting macOS and iOS users.
Messaging apps didn’t report any zero-day exploits in 2021, as per Google
“Since mid-2014 there’s only one in-the-wild 0-day each for macOS and Linux. There are no known in-the-wild 0-days targeting cloud, CPU vulnerabilities, or other phone components such as the WiFi chip or the baseband,” Google said in its report (via Android Police). Messaging apps like Signal, Telegram, and WhatsApp didn’t report any zero-day exploits on their platforms last year. Google speculates that this is due to a lack of transparency or inadequate detection resources. The company warns that vulnerabilities probably exist already. Since Google began tracking zero-days in 2014, only two messaging apps have reported zero-days – WhatsApp (2019) and iMessage (2021). Google’s initiative aims to encourage vendors to ensure their products are secure from zero-day exploits. It wants other companies to ensure memory corruption bugs are immune to exploits. As for the average mobile user, all you need to do is keep your device updated with the latest software, even if it’s a minor security update. In the long run, eliminating zero-day exploits will require a collective effort from all parties involved, including device manufacturers. Companies like Apple, Google, and Microsoft are significantly upping their zero-day detection capabilities. So we can expect more exploits to be discovered and, hopefully, fixed.
