Google: 58 Zero-Day Exploits Spotted in 2021, the Most Ever on Record

pcmag.com:

Last year, the tech industry detected and disclosed 58 zero-day exploits, the most ever recorded in a single year, according to Google. 

The number represents a drastic increase from the 25 zero-day exploits the industry detected in 2020, but it doesn’t necessarily mean our software is becoming more insecure. Instead, Google says: “We believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits."

The company announced the findings in a Tuesday blog post. Since 2014, the search giant has been tracking zero-day exploits, or computer hacks that leverage a previously unknown vulnerability that has no patch. The goal behind the tracking is to analyze trends and gauge whether the industry is doing enough to stop the problem. 

Although the number of zero-days shot up in 2021, so did the number of organizations reporting the threats, which reached 20, or double from the year before. “​​Anecdotally, we hear from more people that they’ve begun working more on detection of 0-day exploits,” Google added. “It stands to reason that if the number of people working on trying to find 0-day exploits increases, then the number of in-the-wild 0-day exploits detected may increase.”

The other factor is how both Google’s Android team and Apple are properly annotating when a disclosed vulnerability is a zero-day exploit, rather than leaving it unclear. As a result, another 12 zero-day exploits were added to the 2021 list. 

Increased transparency is good for IT security. But one lingering problem is how many of the zero-day exploits detected in 2021 are variations of existing, publicly known hacking techniques.

“When we look over these 58