Google statistics: Most zero-day gaps are in Microsoft products

This is true at least for the year 2019. Google admits, however, that there are more tools for detecting vulnerabilities for Windows than for other software. Linux and macOS have had no actively exploited zero-day gap since 2014.

Google has published statistics on actively exploited zero-day gaps in software. In the first half of 2020, 11 vulnerabilities fell into this category. This means that the current year is roughly at the level of the previous year, in which Google counted a total of 20 zero-day gaps – most of them in Microsoft products.

Security (Image: Shutterstock)A total of eleven vulnerabilities in Microsoft-Applications only became known because they were already actively used by cybercriminals for attacks. There were three zero-day gaps in Google products. Mozilla and Apple appear twice in the statistics, Facebook and Trend Micro once each.

According to Google, 2019 was also the first year in which a zero-day gap in Android was reported. However, no actively exploited zero-day gaps have been found in Linux, Safari or macOS since 2014 – Google has only been maintaining the statistics since 2014.

The company also emphasized that current versions of an operating system or software were not always affected. Google also suspects that the statistics are incomplete. It assumes that some software providers are hiding actively exploited zero-day gaps and issuing fixes as regular updates.

Google also admits that the figures do not allow any conclusions to be drawn about the actual safety of products. There is a general focus on Microsoft, as there are more security tools that specialize in the detection of errors in Windows.

Zero-day gaps are less likely to be discovered in mobile platforms because they are largely isolated, Google continues. On the one hand, these security measures serve to protect users, but on the other hand they can also be to their disadvantage because researchers cannot specifically look for weak points. Apple had recently recognized this conflict and introduced a security program that includes special iPhones for security researchers that have been freed from some restrictions.

Google has been recording and investigating zero-day gaps since 2014, but the company created an evaluation for 2019 for the first time. It should now be updated every year.

To new heights with SkySQL, the ultimate MariaDB cloud

In this webinar we will introduce SkySQL to you, explain the architecture and explain how it differs from other systems Amazon RDS on. You will also get an insight into the product roadmap, a live demo, and how to get SkySQL up and running in minutes.

Leave a Reply

Your email address will not be published. Required fields are marked *