"18 Zero-Days Exploited So Far in 2022"

So far this year, 18 security vulnerabilities have been exploited in the wild as unpatched zero-days, and half of them were preventable. Nine of the flaws were variants of vulnerabilities that had already been patched, and four of those were variants of zero-day bugs that had already been discovered in the wild in 2021. According to Google Project Zero's Maddie Stone, the fact that these flaws are closely related to security flaws that have already been observed refutes the idea that zero-day exploits are so sophisticated that defenders cannot hope to catch them. After the original in-the-wild zero-day vulnerability was patched, attackers used a variant of the original bug. A large portion of the 2022 in-the-wild zero-days results from incomplete patching of the prior vulnerability. The platforms affected by the 2022 zero-days include Apple iOS, Atlassian Confluence, Chromium, Google Pixel, Linux, WebKit, and Windows (including the Follina and PetitPotam vulnerabilities). The article goes on to discuss the zero-days discovered in 2022 so far and the importance of forcing attackers to start from scratch.

Dark Reading reports "18 Zero-Days Exploited So Far in 2022"

Submitted by Anonymous on