zero-day

Hello 0-Days, My Old Friend: a 2024 Zero-Day Exploitation Analysis

Google's Threat Intelligence Group reported 75 zero-day vulnerabilities exploited in 2024, down from 98 in 2023 but up from 63 in 2022. This year's exploitation continued a trend towards targeting enterprise technologies over end-user products. Key findings included:

  1. Trends in Exploitation: 44% of vulnerabilities targeted enterprise software, up from 37% in 2023. Vendors are improving security, reducing exploits on popular targets like browsers.
  2. Notable Targets: Security and networking products saw increased exploitation, with a significant focus on Ivanti and Palo Alto. Attackers' focus is shifting from end-user devices to critical enterprise infrastructures.
  3. Actor Analysis: State-sponsored espionage actors, particularly from China and North Korea, accounted for the majority of attributable exploitation, often blending espionage with financial motives.
  4. Exploited Vulnerability Types: The most common were remote code execution and privilege escalation vulnerabilities, often resulting from software coding errors.

Overall, while detection and vendor defenses improve, zero-day vulnerabilities remain appealing to threat actors, necessitating stronger vendor security practices.

https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/

Apple Users: Update Your Devices Now to Patch Zero-day Vulnerability

Apple users must update devices to fix a zero-day vulnerability actively exploited in iOS. Affected devices include iPhone XS and newer, certain iPads, macOS Sequoia, Apple Watch Series 6+, and Apple TV models. Users should check for updates in Settings and consider enabling Automatic Updates. The vulnerability, tracked as CVE-2025-24085, allows privilege escalation via a misuse of memory in Core Media.

https://www.malwarebytes.com/blog/news/2025/01/apple-users-update-your-devices-now-to-patch-zero-day-vulnerability

Scroll to Top