The Tame Apple Press is just waking up to this story after telling the world for years that zero-day patches only applied to Android. However, this week the rotten underbelly of Apple zero-days was exposed when it emerged that the Israeli spyware company NSO Group, which sells programs for governments to take over people’s smartphones and computers remotely, had figured out a new way into practically any Apple device by sending a fake GIF through iMessage. Now, it seems that the Tame Apple Press is prepared to admit that everyone, including its favourite companies, has an issue.
Once considered highly valuable cyberweapons held mostly by elite government hackers, publicly disclosed zero-day exploits are on a sharp rise.
Project Zero, a Google team devoted to identifying and cataloguing zero-days, had tallied 44 this year alone that hackers had likely discovered before researchers did. That’s already a sharp rise from last year, which saw 25. Moreover, the number has increased every year since 2018.
Katie Moussouris, founder and CEO of Luta Security, a company that connects cybersecurity researchers and companies with vulnerabilities, said that the rise in zero-days is thanks to the ad hoc way that software is usually programmed, which often treats security as an afterthought.
“It was inevitable… We’ve never addressed the root cause of all of these vulnerabilities, which is not building security in from the ground up. But almost paradoxically, the rise in zero days reflects an online world in which some individuals are more vulnerable, but most are safer from hackers”, she said.