Security News > 2024 > February > Google says spyware vendors behind most zero-days it discovers
Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide.
Google's TAG has been following the activities of 40 commercial spyware vendors to detect exploitation attempts, protect users of its products, and help safeguard the broader community by reporting key findings to the appropriate parties.
Based on this monitoring, Google has found that 35 of the 72 known in-the-wild zero-day exploits impacting its products over the last ten years can be attributed to spyware vendors.
"Each time Google and fellow security researchers discover and disclose new bugs, it causes friction for CSVs and costs them development cycles," says Google.
Google calls for more action to be taken against the spyware industry, including higher levels of collaboration among governments, the introduction of strict guidelines that govern the use of surveillance technology, and diplomatic efforts with countries hosting non-compliant vendors.
Google is proactively countering spyware threats through solutions like Safe Browsing, Gmail security, the Advanced Protection Program, and Google Play Protect, as well as by maintaining transparency and openly sharing threat information with the tech community.
News URL
Related news
- US cracks down on spyware vendor Intellexa with more sanctions (source)
- 1 in 10 orgs dumping their security vendors after CrowdStrike outage (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)