An attack can sometimes take us by surprise. In this video, you’ll learn about zero-day attacks and how to prepare and respond to these attacks.
The applications and operating systems that you’re using right now most likely have security vulnerabilities inside of them. The problem is that we’ve not identified what those vulnerabilities are yet. But eventually, someone will discover this vulnerability, and we’ll need to provide patches to be able to close those security holes in your operating systems or applications.
People all over the world are working to identify vulnerabilities every day. Some of these are researchers, who share what they find with the developers. But vulnerabilities can also be found by attackers, who would like to find them first. That would allow them to take advantage of the vulnerability without any patch available to stop them. So attackers are working constantly to identify and document these vulnerabilities so that they can create attack code that goes after that very vulnerability.
The attackers, of course, are not going to share this information with the vendor of the software. And the vendor of the software has no idea that this vulnerability even exists. This also means there’s no patch for this vulnerability because, from the vendor’s perspective, the vulnerability has not yet been discovered. If the attackers then begin exploiting this vulnerability and there’s no patch available to mitigate this issue, we refer to that as a zero-day attack.
If the security community suddenly realizes there’s a new type of attack that no one’s seen before, there will suddenly be a flurry of work to create a patch to mitigate that issue. This means until a patch is created, the attacker can continue to take advantage of this vulnerability. It’s very difficult to protect a system if you have no idea that the problem even exists.
If you’d like to keep track of zero-day attacks as they arrive, or you’d like to know about vulnerabilities in general, you can visit the Common Vulnerabilities and Exposures website, or CVE, at CVE.mitre.org. Here are some examples of zero-day attacks that you might find by visiting the CVE website. In April of 2023, the Chrome browser announced a zero-day attack that involved memory corruption and a sandbox escape.
In May of 2023, Microsoft released a patch for a zero-day. In this attack, self-signed code was able to run during the UEFI boot process, which should not be possible if you’re using Secure Boot. Also in May of 2023, Apple’s iOS and iPadOS had zero-day attacks.
Three separate patches were made available: one for a sandbox escape, one for a disclosure of sensitive information, and one for arbitrary code execution. Many of these exploits were being used in the wild, so it was important for Apple, Microsoft, and Google to create patches that close these vulnerabilities and prevent these zero-day attacks from occurring.
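Reading the CVE site is only half the job; the practical step is matching new entries against what is actually installed so the patches above get applied where they matter. The following is an added example, not code from the video, that reads records in the CVE Program's JSON 5 "affected" layout (vendor, product, and version entries that use lessThan or lessThanOrEqual ranges) and flags inventory items that fall inside a vulnerable range. The records, the IDs CVE-0000-0001 and CVE-0000-0002, the vendor and product names, and the version numbers are all constructed placeholders, not real entries. One caveat worth keeping in mind: a CVE record only exists once the vendor or a CNA has published it, which by definition is after the zero-day window described in the video, so this helps you track and apply patches, not discover an attack no one has seen yet.

```python
"""Match CVE records (CVE JSON 5 'affected' layout) against a software inventory.

Added example, not code from the original video. The records below are
constructed stand-ins with placeholder IDs, vendors, products and versions;
real records come from the CVE Program's JSON feeds.
"""
import re


def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2) so versions can be ordered.
    Non-numeric parts are dropped to keep the comparison simple; real feeds
    also carry 'semver' and 'custom' versionType values that may need more care."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def version_in_range(installed, entry):
    """Apply one CVE JSON 5 version entry to an installed version string.
    An entry names either a single version or a range that starts at
    'version' and ends at lessThan / lessThanOrEqual."""
    if entry.get("status") != "affected":
        return False
    start = parse_version(entry["version"])
    inst = parse_version(installed)
    if "lessThan" in entry:
        return start <= inst < parse_version(entry["lessThan"])
    if "lessThanOrEqual" in entry:
        return start <= inst <= parse_version(entry["lessThanOrEqual"])
    return inst == start


def affected_products(record):
    """Yield (vendor, product, version entries) from one CVE JSON 5 record."""
    for aff in record["containers"]["cna"].get("affected", []):
        yield aff["vendor"].lower(), aff["product"].lower(), aff.get("versions", [])


def check_inventory(records, inventory):
    """inventory: list of (vendor, product, installed_version) tuples.
    Returns (cve_id, vendor, product, installed_version) for every match."""
    findings = []
    for rec in records:
        cve_id = rec["cveMetadata"]["cveId"]
        for vendor, product, entries in affected_products(rec):
            for inv_vendor, inv_product, installed in inventory:
                if (inv_vendor.lower(), inv_product.lower()) != (vendor, product):
                    continue
                if any(version_in_range(installed, e) for e in entries):
                    findings.append((cve_id, inv_vendor, inv_product, installed))
    return findings


# Constructed sample records: placeholder IDs, names and version ranges.
SAMPLE_RECORDS = [
    {
        "cveMetadata": {"cveId": "CVE-0000-0001", "state": "PUBLISHED"},
        "containers": {"cna": {
            "descriptions": [{"lang": "en", "value": "Constructed: sandbox escape in ExampleBrowser."}],
            "affected": [{
                "vendor": "ExampleVendor", "product": "ExampleBrowser",
                # everything before the fixed build 1.4.2 is affected
                "versions": [{"version": "0", "status": "affected",
                              "lessThan": "1.4.2", "versionType": "custom"}],
            }],
        }},
    },
    {
        "cveMetadata": {"cveId": "CVE-0000-0002", "state": "PUBLISHED"},
        "containers": {"cna": {
            "descriptions": [{"lang": "en", "value": "Constructed: arbitrary code execution in ExampleOS."}],
            "affected": [{
                "vendor": "ExampleVendor", "product": "ExampleOS",
                # 16.0 through 16.4 inclusive are affected; 16.4.1 carries the fix
                "versions": [{"version": "16.0", "status": "affected",
                              "lessThanOrEqual": "16.4", "versionType": "custom"}],
            }],
        }},
    },
]

# Constructed inventory: what is installed on the systems being checked.
SAMPLE_INVENTORY = [
    ("ExampleVendor", "ExampleBrowser", "1.4.1"),   # below the fix: vulnerable
    ("ExampleVendor", "ExampleBrowser", "1.4.2"),   # at the fix: not vulnerable
    ("ExampleVendor", "ExampleOS", "16.4"),         # inside the closed range: vulnerable
    ("ExampleVendor", "ExampleOS", "16.4.1"),       # patched release: not vulnerable
]

if __name__ == "__main__":
    for cve_id, vendor, product, installed in check_inventory(SAMPLE_RECORDS, SAMPLE_INVENTORY):
        print(f"{cve_id}: {vendor} {product} {installed} needs the patch")
```

Running the block lists the two vulnerable inventory entries. The version comparison is deliberately plain: vendors that use build strings or date-based versions will need a versionType-aware comparator, and a record with an empty "affected" list (some CNAs describe affected versions only in prose) produces no findings at all, so a silent result is not proof of safety.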