A report from Mandiant tracked 55 zero-day vulnerabilities that it says were exploited in 2022. A zero-day is any vulnerability that threat actors manage to exploit before a patch is made available to the public.
The cyber threat intelligence firm and Google Cloud subsidiary found that Apple products were the third most exploited by zero-day volume, at nine total exploited vulnerabilities. In comparison, Google came in second place with 10 zero-days exploited, while Microsoft took first place and accounted for 18 of the exploited zero-days. Other key points from the Mandiant report:
- Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years.
- Mandiant identified four zero-day vulnerabilities exploited by financially motivated threat actors. Seventy-five percent of these instances appear to be linked to ransomware operations.
- The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).