Google has revealed it identified 75 zero-day vulnerabilities exploited in the wild in 2024. This figure is an improvement on 2023’s (98 vulnerabilities) but still higher than 2022’s (68 vulnerabilities).
The analysis was conducted by Google Threat Intelligence Group (GTIG), classifying labelling vulnerabilities into end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.
Of the 75 vulnerabilities discovered, 44% (33 vulnerabilities) targeted enterprise-focused technologies such as security and networking products, while the remaining pointed towards end-user platforms and products.
“While there are multiple factors involved in discovery of zero-day exploitation, we note that continued improvement and ubiquity of detection capabilities along with more frequent public disclosures have both resulted in larger numbers of detected zero-day exploitation compared to what was observed prior to 2021,” the company noted in a blog post.
Enterprise Exploitation on the Rise, End-user Exploitation Drops
GTIG observed the following trends in end-user platforms and products:
- Zero-day exploitation of browsers and mobile devices dipped (17 vulnerabilities to 11 for browsers, and 17 to 9 for mobile).
- Chrome was the primary focus of browser zero-day exploitation in 2024.
- Desktop Operating Systems (OSs) continue to be a target. OS vulnerabilities made up nearly 30% of all zero-day vulnerabilities discovered, compared to 17% in 2023.
- Exploit chains composed of multiple zero-day vulnerabilities are primarily used to target mobile devices, accounting for nearly 90% of such instances.
- The trend of third-party components being exploited in Android devices continues. Five of the seven zero-days exploited in Android devices were flaws in third-party components in 2023. In 2024, three of the seven zero-days exploited in Android were found in third-party components.
- Exploitation of Microsoft Windows has been on the rise, increasing from 13 zero-day vulnerabilities in 2022 to 16 in 2023, and reaching 22 in 2024.
Trends in Enterprise Technology Exploitation:
- GTIG recorded the exploitation of 33 zero-day vulnerabilities in enterprise software and appliances.
- Of the 33 enterprise zero-days, 20 targeted security and network infrastructure products.
- 18 unique enterprise vendors were affected by zero days in 2024 – a decline from 22 vendors in 2023.
- Tools such as Ivanti Cloud Services Appliance, Palo Alto PAN-OS, Cisco ASA, and Ivanti Connect Secure VPN were compromised.
- Microsoft was affected by the most zero-day vulnerabilities in 2024 (26), followed by Google (11), Ivanti came third (7), and fourth Apple (5).
Types of Exploited Vulnerabilities
In 2024, threat actors primarily exploited zero-day vulnerabilities to achieve remote code execution (RCE) and privilege escalation. These two exploitation goals accounted for more than half of all tracked zero-day exploits, totalling 42 incidents.
This demonstrates a continued preference for vulnerabilities that allow control or elevation of access within systems.
Three specific types of vulnerabilities dominated the exploitation landscape in 2024:
- Use-After-Free Vulnerabilities
- Total incidents: 8
- These flaws result from incorrect memory management during deallocation in software.
- Targets included hardware, operating systems, browsers, and low-level software.
- They have remained consistently prevalent over several years.
- Command Injection Vulnerabilities
- Total incidents: 8 (including OS command injection)
- These involve the execution of arbitrary commands on a host operating system.
- They were mostly seen in security and networking software and appliances.
- Cross-Site Scripting (XSS)
- Total incidents: 6
- These flaws allowed threat actors to inject malicious scripts into web pages.
- XSS targets included mail servers, enterprise platforms, operating systems, and browsers.
About Author
