Google said today that a quarter of all the zero-day vulnerabilities discovered being exploited in the wild in 2020 could have been avoided if vendors had patched their products correctly.
The company, through its Project Zero security team, said it detected 24 zero-days exploited by attackers in 2020.
Six of these were variations of vulnerabilities disclosed in previous years, where attackers had access to older bug reports so they could study the previous issue and deploy a new exploit version.
“Some of these 0-day exploits only had to change a line or two of code to have a new working 0-day exploit,” Maddie Stone, a member of the Project Zero team, said today in a blog post.
Source: Proper patching would have prevented 25% of all zero-days