Summary
Last week, it was reported that an Apple employee had helped fix a critical issue in Google Chrome after a "zero-day" was identified during a hacking competition earlier this year. The issue was later brought to the team's attention at Google, and fixed.
A zero-day is a software security vulnerability unknown to the software vendor, which can be leveraged by hackers to gain access to systems, exploit programs, and disrupt networks until the vendor mitigates it. The sooner zero-day attacks are identified, the easier it is to create patches and prevent them from recurring.
Google isn’t the only major tech player to face some issues related to zero-day. Apple has recently rolled patches to mitigate and prevent zero-day flaws which were impacting iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Microsoft is also investigating reports that Russian spies and cybercriminals are actively exploiting still-unpatched security flaws in its product.
Apart from GAFAM companies, government officials have also been facing zero-days.
Twelve Norwegian ministries were hacked using a zero-day vulnerability earlier this month. This breach happened in the government IT system in an unnamed third-party software, leading local authorities such as the Norwegian Security and Service Organization (DSS) and National Security Authority (NSM) to launch an investigation.
“This vulnerability was unique, and was discovered for the very first time here in Norway (...)If we had released the information about the vulnerability too early, it could have contributed to it being misused elsewhere in Norway and in the rest of the world.” |
Norway has disclosed other cyberattacks in which Chinese and Russian state hackers targeted government websites and the country's parliament.
Have you ever experienced a zero-day? Join the conversation in our Yes We Trust community, a free discussion group for data privacy professionals and enthusiasts, on LinkedIn: