Skip to main content

Staying Up To Date On Software Patches Is Critical

By February 17, 2021May 5th, 2022Cybersecurity

google employee - olmecGoogle’s Project Zero security team has an impressive track record when it comes to chasing down and addressing the most critical cyber security flaws found. They’re tireless in their work, which has saved untold billions of dollars and hampered the efforts of hackers all over the world.

The team has gathered some rather shocking statistics, however, including this eye-opener:

Based on their research, fully one fourth of the Zero-day exploits being discovered in use in the wild could have been avoided entirely if vendors and IT admins had properly patched their products.

Over the course of 2020, the team detected a total of 24 zero-day exploits. Six of these were variations on a theme; vulnerabilities disclosed in prior years, where hackers had access to older bug reports and had plenty of time to study older issues, making a few simple tweaks and winding up with a brand new zero-day exploit.

For instance, CVE-2020-0674, which is a Zero-Day Internet Explorer flaw is a variant that combines elements of CVE-2018-8653, CVE-2019-1367, and CVE-20191429.

In a similar vein, the devastating Google Chrome flaw tracked as CVE-2020-6572 is a variant that combines elements of CVE-2019-5870 and CVE-2019-13695. The Apple Safari zero-day issue tracked as CVE-2020-27930 is virtually identical to the one discovered back in 2015 and tracked as CVE-2015-0093.

On the one hand, this news is rather depressing as it seems that many in the IT security profession seem to be making things harder on themselves than they need to be. On the other hand, as Maddie Stone, a member of the Project Zero team observed, these kinds of insights are the exact reason the team was formed to begin with.

By studiously identifying and shutting down the most glaring and serious flaws and gathering cybersecurity statistics and data, the hope is to make them increasingly harder for hackers around the world to take advantage of in years to come. So far, that approach seems to be working. Kudos to Google and the Zero Day team.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.