An analysis of 24 zero-day vulnerability exploits discovered in 2020 revealed that a quarter of them appeared to be closely related derivatives of previously known exploits – meaning they have have been prevented in the first place, had the original bugs been patched correctly.
The findings, from Google Project Zero, highlight a troubling habit that software developers can sometimes fall into: hastily scramble to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a wholistic fix. In some cases, the original patch didn’t even work correctly.
In certain instances, malicious actors simply tweaked a couple of lines of code in order to “revive” a particular exploit method in a slightly different form, according to a Project Zero blog post by security researcher Maddie Stone.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.