Skip to main content
  1. Home
  2. Computing
  3. News

2015 saw more zero-day exploits but it took less time to fix them

By

A pair of hands on a laptop keyboard with two displays.
Image used with permission by copyright holder
Zero-day attacks can be an infuriating quandary for developers. With the right exploit, skilled hackers can find a security hole in a piece of software and use it to hold hostage data from the software’s users. Because it puts developers in a hurry to fix the issue immediately, before threats begin to impact its users, this type of attack is known as a zero-day exploit — as in the developer has zero days to release a patch before things go haywire.

In 2012, there were 14 zero-day exploits out in the wild. By 2013, this increased to 23, and in 2014, there was only one more discovered, making the total 24. After that, unfortunately, and as security firm Symantec points out, the zero-day exploit situation did not improve, nor did it only moderately worsen. Instead, from 2014 to 2015, the number of classified zero-day exploits jumped 225 percent, from an already daunting 24 to a distressing 54.

Recommended Videos

The drastic upturn in last year’s exploits is due in part to the Hacking Team breach, which unleashed six of these zero-day exploits on its own, inspiring Adobe and other developers to accelerate their fixes.

“It is difficult to defend against new and unknown vulnerabilities,” reads Symantec’s yearly Internet Threat Report, “particularly zero-day vulnerabilities for which there may be no patch, and attackers are trying hard to exploit them faster than vendors can roll out patches.”

The report notes that the most popular exploit kit in 2015, Angler, took advantage of these new zero days to conduct over 19.5 million attacks that were, in turn, blocked by Symantec.

Over the last year, the most common victim of zero-day attacks was Adobe Flash, which infamously survived 10 vulnerabilities, comprising 17 percent of the total zero-day attacks in 2015. While this is clearly not something a company should take pride in, that was an improvement over 2014 when Flash’s zero-day exploit count stood at an unfortunate 12. Notably, though, Microsoft also endured 10 zero days in 2015.

On the bright side, however, Adobe has been a serious contributor to the reduction in the amount of time it took developers to issue zero-day patches in 2015. Compared to the average 59 days it took in 2014 and even the four it took in 2013, the average repair time of just one day in 2015 isn’t too shabby.

Meanwhile, the total time of exposure was seven days last year, as opposed to 295 days in 2014 and 19 days in 2013.

So even though we’re now seeing more zero-day attacks than ever, the time it is taking to address them is diminishing rapidly. That could arguably put us in a better place than before.

Editors' Recommendations

Topics
Gabe Carey
Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
The 6 best detachable laptops in 2024
The Surface Pro 9 with the Type Cover keyboard lifted up.

Detachable laptops – or tablets with removable keyboards – are a popular alternative to traditional laptops. These devices are ultra-portable and versatile, allowing you to stow them in even the most cramped backpack. They also serve as both tablet and laptop, letting you make use of their touchscreen for notetaking or drawing before reattaching their keyboard to type up a lab report or presentation.

There are hundreds of detachable laptops to choose from in 2024, including powerful models from Microsoft, Apple, Dell, and ASUS. However, it can be hard to narrow down all the options, as many of them offer similar specs or identical designs.

Read more
I want to love Asus’ gaming earbuds, but there are problems
The Asus Cetra Supernova earbuds sitting on top of a gaming PC.

I've been warming up to gaming earbuds over the past couple of years. Although one of the best headsets for PC gaming wins in terms of immersion, the low-profile nature of earbuds is better for comfort during long gaming sessions. Asus seems to agree, with its new Cetra True Wireless SuperNova earbuds squarely targeting gamers who value comfort as much as sound quality.

The $200 earbuds sound like the perfect package. You've getting noise cancellation, a low-latency connection, high-fidelity audio, and support for just about any platform imaginable. The package is excellent, and Asus manages fantastic audio quality and comfort while packing in many features. Still, there are a handful of minor issues here that Asus needs to address, especially at the premium price it's asking, which is where my problems lie.
Meet the Cetra True Wireless SuperNova

Read more
Microsoft says 75% of office workers already use AI at work
Copilot on a laptop on a desk.

In its Annual Work Trend Index, Microsoft has, unsurprisingly, published some fresh data around AI in the workplace. The big stat is that according to its survey, 75% of "knowledge workers" are already using generative AI at work, with that number doubling in the last six months alone.

The survey defines "knowledge workers" as "those who typically work at a desk (whether in an office or at home)," which is a pretty broad demographic.

Read more