Eleven zero-day vulnerabilities were exploited in the wild in the first half of 2020, according to data collected by the Google Project Zero security team.
Details of these zero-days come from a spreadsheet prepared and released earlier this year by Google security researchers. The spreadsheet includes Google's internal statistics on zero-day usage dating back to 2014, when the company began tracking these figures.
Here is a quick review of the zero-day vulnerabilities of 2020 that were listed in the spreadsheet:
This zero-day was used in combination with another zero-day. The good news is that it has already been patched. A fix is available in Firefox 72.0.1.
Internet Explorer (CVE-2020-0640)
The Firefox zero-day listed above and the Internet Explorer zero-day were both used by a malicious organization known as DarkHotel, which is assumed to operate from the Korean peninsula (whether from North Korea or South Korea is not clear). These zero-days were used against targets in China and Japan. They were detected by the Chinese antivirus developer Qihoo 360 and Japan's Computer Emergency Response Team (JPCERT). Victims were redirected to a website where they were compromised with a remote access Trojan named Gh0st.
A patch is available here.
This zero-day was discovered by Google's Threat Analysis Group. There are no details about where and how this vulnerability has been used. A patch, however, is available in version 80.0.3987.122 of Chrome.
Trend Micro OfficeScan (CVE-2020-8467 and CVE-2020-8468)
These two zero-days were discovered internally by Trend Micro's own staff. A fix is available here.
Firefox (CVE-2020-6819 and CVE-2020-6820)
Details of the attacks in which these zero-days were used have not been released yet, although security experts have indicated they may be part of a larger exploit chain.
Fixes for Firefox 74.0.1 are available here.
CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027
These three exploits were found by Google TAG and reported to Microsoft. As with most Google TAG findings, no information is available yet on the attacks in which they were used.
Sophos XG Firewall (CVE-2020-12271)
This zero-day was discovered earlier this year in the firewall product of the UK security company Sophos. The vulnerability was an SQL injection in the firewall's management panel, which allowed hackers to infect systems with the Asnarok backdoor. In a report, Sophos said that hackers had tried to deploy Ragnarok ransomware on compromised computers, but the firm claimed it prevented most of the attempts.
A patch is available here.
Last week, Google released the main results from its first zero-day survey, describing the zero-days of 2019 and their specifics. According to the report, the company detected 20 zero-days in total over the past year, eleven of which affected Microsoft products.
Google said that, from now on, it plans to publish a Zero-Day Year in Review report annually.