One Article Review
| Source |  ProjectZero |
|---|---|
| Identifiant | 8221931 |
| Date de publication | 2022-08-24 12:00:49 (vue: 2022-11-25 18:05:33) |
| Titre | The More You Know, The More You Know You Don\'t Know |
| Texte | A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository. We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for attackers to use 0-day capabilities. 2021 highlighted just how important it is to stay relentless in our pursuit to make it harder for attackers to exploit users with 0-days. We heard over and over and over about how governments were targeting journalists, minoritized populations, politicians, human rights defenders, and even security researchers around the world. The decisions we make in the security and tech communities can have real impacts on society and our fellow humans’ lives. We’ll provide our evidence and process for our conclusions in the body of this post, and then wrap it all up with our thoughts on next steps and hopes for 2022 in the conclusion. If digging into the bits and bytes is not your thing, then feel free to just check-out the Executive Summary and Conclusion.Executive Summary 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014. While we often talk about t |
| Envoyé | Oui |
| Condensat | “0 “android “as “baby “data “detection “ground “make “more “one “wow 0 and cve first for having human in iomobileframebuffer it’s there this turbofan were whether ’ve 000 0920 0920 and 0920 was 0day 100 1048 1048 remained 11261 13720 is 16009 was 1732 1732 actually 1732 is 1782 & 1782 exploited 1844 1870 1871 1879 1905 1906 2 and 2014 2015 2016 2019 2019: 2020 2020’s 2021 2021 after 2021 in 2021’s 2022 2022:where 21148 21166 21166 is 21193 & 21206 21882 2215 22587 26411 26411 and 26411 targets 26855 26855 is 26857 26857 is 26858 26858 and 27065 27065 allowed 27932 27932 & 27950 28310 28663 28664 30551 30554 30563 30632 30632 in 30632 is 30633 30661 30663 30665 30807 30807 is 30858 30860 30860 and 30869 30869 exploited 30869 is 30883 30883 is 31199 31201 31955 31956 31979 33742 33742 and 33742 were 33771 34448 36948 37973 37975 37976 38000 38003 40444 40444 were 40449 40449 is 41773 this 42321 42321 is 42321 was 4654 58 in 6625 was a property a13 a14 ability able about above absence absent access accessible acknowledge acknowledged acknowledging actions actively actor actually adder adobe adreno advanced attack advisories affects after again against agree agreeing all allowed allows almost along already also amnesty amongst amount analysis analyze analyzing and/or android android” andthe anecdotally anecdotes annotate annotated annotating annotation annual another any anything apache app appears apple applications apps april arbitrary architecture are area areas arithmetic arm arose around art aside asking assess assigned attack attacker attackers attacking attacks attempting attractive audio auth authentication available back bar baseband based became because because: been beer before before: began beginning begun behavior being believe below ben beta better between biases big bit bits blink blogpost blogpost: body bootstrapping both bounds brand break browser browsers buffer buffers bug bugs build bulletin bulletins but bypass bytes cab callback callbacks called calls campaign campaigns can can’t capabilities capability case cause chain chains challenge challenging chance change changed changes characteristic chart check chi chip choice chooses chose chrome chromium chromium’s circuit citizen classes classes:17 classic clear clearing click close cloud code collected come comes commands commcenter commercial common communication communities community comparator compare compared completely component components components: components:2 components:4 components:6 components:mshtml components:qualcomm computationally computer concerted conclude conclusion conclusion: conclusions concrete confident confirmation confusion consider considered consistent context continually continue continued continues contribute controlled convolverhandler::process coprocessor core coregraphics correctly corruption costly could could look couple covered cpu created credit credited crypto cup currently custom customizations cve data daunting day day hard days dcp deals decades december decent decide decisions decoder decompressed decompression decrease dedicating defenders defensive deficit deficit” define defining delivered delivery demonstrated deoptimize deprecation described description descriptions deserialization design despite detail detailed details detect detected detecting detection develop developed developing development device devices devices” did didn’t different differentiate “google difficult digging disclose disclosed disclosed as disclosed since disclosing disclosure disclosure” discover discovered discuss discussed discussing distinct dive dll document documents do |
| Tags | Vulnerability Patching Guideline |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.