Google says it’s too easy for hackers to find new security flaws

by Patrick Howell O'Neill

In December 2018, researchers at Google detected a group of hackers with their sights set on Microsoft’s Internet Explorer. Even though new development was shut down two years earlier, it’s such a common browser that if you can find a way to hack it, you’ve got a potential open door to billions of computers.


The hackers were hunting for, and finding, previously unknown flaws, known as zero-day vulnerabilities.


Soon after they were spotted, the researchers saw one exploit being used in the wild. Microsoft issued a patch and fixed the flaw, sort of. In September 2019, another similar vulnerability was found being exploited by the same hacking group.


More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued multiple security updates: some failed to actually fix the vulnerability being targeted, while others required only slight changes that required just a line or two to change in the hacker’s code to make the exploit work again.


See the full article from MIT technology Review here

19 views0 comments