2015 saw more zero-day exploits but it took less time to fix them

google project zero publishes microsoft browser day bug hacker keyboard dark room
Zero-day attacks can be an infuriating quandary for developers. With the right exploit, skilled hackers can find a security hole in a piece of software and use it to hold hostage data from the software’s users. Because it puts developers in a hurry to fix the issue immediately, before threats begin to impact its users, this type of attack is known as a zero-day exploit — as in the developer has zero days to release a patch before things go haywire.

In 2012, there were 14 zero-day exploits out in the wild. By 2013, this increased to 23, and in 2014, there was only one more discovered, making the total 24. After that, unfortunately, and as security firm Symantec points out, the zero-day exploit situation did not improve, nor did it only moderately worsen. Instead, from 2014 to 2015, the number of classified zero-day exploits jumped 225 percent, from an already daunting 24 to a distressing 54.

The drastic upturn in last year’s exploits is due in part to the Hacking Team breach, which unleashed six of these zero-day exploits on its own, inspiring Adobe and other developers to accelerate their fixes.

“It is difficult to defend against new and unknown vulnerabilities,” reads Symantec’s yearly Internet Threat Report, “particularly zero-day vulnerabilities for which there may be no patch, and attackers are trying hard to exploit them faster than vendors can roll out patches.”

The report notes that the most popular exploit kit in 2015, Angler, took advantage of these new zero days to conduct over 19.5 million attacks that were, in turn, blocked by Symantec.

Over the last year, the most common victim of zero-day attacks was Adobe Flash, which infamously survived 10 vulnerabilities, comprising 17 percent of the total zero-day attacks in 2015. While this is clearly not something a company should take pride in, that was an improvement over 2014 when Flash’s zero-day exploit count stood at an unfortunate 12. Notably, though, Microsoft also endured 10 zero days in 2015.

On the bright side, however, Adobe has been a serious contributor to the reduction in the amount of time it took developers to issue zero-day patches in 2015. Compared to the average 59 days it took in 2014 and even the four it took in 2013, the average repair time of just one day in 2015 isn’t too shabby.

Meanwhile, the total time of exposure was seven days last year, as opposed to 295 days in 2014 and 19 days in 2013.

So even though we’re now seeing more zero-day attacks than ever, the time it is taking to address them is diminishing rapidly. That could arguably put us in a better place than before.

Product Review

Samsung's Galaxy Watch could fool you into thinking it's analog

Samsung’s new smartwatch -- the Galaxy Watch -- is a successor to the Gear S3 and Gear Sport. The key new feature? The processor has been optimized to deliver up to four to six days of battery life.

The Best Amazon deals after Prime Day

Amazon Prime Day has come and gone, but there are plenty of Amazon deals left. We've scoured through all of the savings the retail giant has to offer to bring you only the best. Prime Day isn't the only day you can save, you know.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

Amazon Prime brings more perks than just free two-day shipping. Subscribers get access to a huge library of TV shows to stream at no extra cost. Here are our favorite TV shows currently available on Amazon Prime.
Emerging Tech

Airbus Zephyr solar aircraft breaks record for longest flight

A solar-powered Airbus aircraft has broken the record for the longest continuous flight. The Zephyr S stayed aloft for nearly 26 days, taking the aircraft a step closer to becoming a viable alternative to satellite technology.

For work or for play, these are the 5 best laptop deals for college students

Whether you're getting ready for a new school year, shopping for a special student, or just need a new computer, we've got you covered: These are the five best laptop deals going right now, from discounted MacBooks to an on-the-go gaming…

The browser-based Monero miner Coinhive generates around $250,000 each month

Despite a fall in cryptocurrency mining, the Coinhive Monero miner is still highly active, generating around $250,000 each month. Coinhive also contributes 1.18 percent of the total mining power behind the Monero blockchain.

Steam survey shows PC gamers are still mostly playing in 1080p and lower

Valve Software’s latest hardware and software survey for July 2reveals that 63.72 percent of Steam’s registered members still play games with a 1080p resolution. Even more, only 1.14 percent are playing at a 4K resolution.

The Andromeda botnet still lingers as nations struggle to clean infected PCs

A report by Fortinet suggests that although the FBI and Europe ended the Andromeda botnet’s reign in late 2017, there are still infected PCs. Cleaning up these PCs isn’t progressing at the same pace across various regions.

8 easy ways for you to transfer photos from an Android phone to a PC

If you haven't already, you should back up your photos to a computer. Here's how to transfer photos from an Android phone to a PC using third-party services and a wealth of storage devices.

Windows 10 can split and resize windows with ease. Here's how to do it

Windows 10 is a great desktop operating system, and its many window management features are part of the reason why. Here's how to divvy up windows using Snap Assist and other native tools.

Apple AR glasses will launch in 2020, says respected industry analyst

Apple AR glasses may be closer to reality than we thought. Here is everything we know so far about the augmented reality system, including the rumored specifications of Apple's Project Mirrorshades.
Social Media

How to use Adobe Spark Post to spice up your social media images

Images are proven to get more likes than plain text -- but only if those images are good. Adobe Spark post is an AI-powered design program for non-designers. Here's how to use it to take your social media feeds to the next level.

Google One subscriptions offer more cloud storage for low prices, other perks

Can't get enough storage on Google Drive, Photos, or Gmail? Google One is the new way to boost your cloud storage. But it's not just about more space -- Google One comes with a loads of benefits.

A turn for the better: Loupedeck+ adds custom dials, more to Lightroom console

The Loupedeck+ improves on the original Lightroom console by adding welcome customization options and introducing support for Skylum Aurora HDR. What's even better is that it does this all at an even lower price.