An analysis of 24 zero-day vulnerability exploits discovered in 2020 revealed that a quarter of them appeared to be closely related derivatives of previously known exploits – meaning they could have been prevented in the first place, had the original bugs been patched correctly.

The findings, from Google Project Zero, highlight a troubling habit that software developers can sometimes fall into: hastily scrambling to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a holistic fix. In some cases, the original patch didn’t even work correctly.

In certain instances, malicious actors simply tweaked a couple of lines of code in order to “revive” a particular exploit method in a slightly different form, according to a Project Zero blog post by security researcher Maddie Stone.
