September 30, 2023

Zero-day vulnerabilities are among the deadliest threats attackers leverage to carry out their attacks, as the damage done by the recent ProxyLogon zero-day attacks shows. Cybercriminals continuously strive to discover new zero-day flaws and weaponize them for active attacks in the wild.

The biggies on target

Within the past few weeks, three global IT giants—Microsoft, Google, and Apple—have faced active zero-day attacks on their products.

  • Apple released security patches for zero-day flaws impacting all its major product lines, including iPhones, iPads, and watches. The company stated that the security bug was found in its WebKit browser engine and may have been actively exploited by attackers.
  • Google disclosed and patched a zero-day vulnerability (CVE-2020-11261) in Qualcomm’s Graphics component, which was being weaponized by adversaries to launch targeted attacks.
  • Security researchers found that the Bitter APT group was actively exploiting an out-of-bounds write zero-day vulnerability (CVE-2021-28310) in Desktop Window Manager, which was later patched by Microsoft.
  • Microsoft released patches for 110 vulnerabilities, including five zero-day vulnerabilities in Exchange that were under active attack.
  • Two critical zero-day vulnerabilities (CVE-2020-2509 and CVE-2021-36195) were found in the legacy QNAP storage hardware TS-231, which could allow an attacker to manipulate stored data and hijack the device.
  • A critical zero-day vulnerability (CVE-2021-30480) was identified in Zoom Chat for Windows and macOS. An attacker could exploit it to launch RCE attacks.
  • The REvil ransomware group targeted Taiwanese electronics giant Acer, demanding a gigantic $50 million ransom. Research suggested that a recent zero-day flaw in Microsoft Exchange Server was exploited by the REvil gang to carry out this attack.

Ending note

Zero-day attacks are among the most challenging threats because they are very difficult to predict. Protection against them demands a robust security strategy and a multi-layered security architecture that protects the infrastructure and minimizes the damage such attacks can cause.
