End users, admins, and researchers better brace yourselves: The number of apps being patched for zero-day vulnerabilities has skyrocketed this month and is likely to get worse in the following weeks.
People have worked overtime in recent weeks to patch a raft of vulnerabilities actively exploited in the wild, with offerings from Apple, Microsoft, Google, Mozilla, Adobe, and Cisco all being affected since the beginning of the month. The total number of zero-days in September so far is 10, compared with a total of 60 from January through August, according to security firm Mandiant. The company tracked 55 zero-days in 2022 and 81 in 2021.
The number of zero-days tracked this month is considerably higher than the monthly average this year. A sampling of the affected companies and products includes iOS and macOS, Windows, Chrome, Firefox, Acrobat and Reader, the Atlas VPN, and Cisco’s Adaptive Security Appliance Software and its Firepower Threat Defense. The number of apps is likely to grow because a single vulnerability that allows hackers to execute malicious code when users open a booby-trapped image included in a message or web page is present in possibly hundreds of apps.