zero-day

Unofficial versions of the Chinese e-commerce app Pinduoduo installed malicious apps on and stole user data from millions of Android devices

In comparison, Google products were targeted by 10 zero-days, while Microsoft took first place and accounted for a whopping 18 of the exploited zero-days

The now-fixed exploit was caused by insufficient data validation in Mojo, a collection of runtime libraries used by Chrome. 

As a result of the hack, public information from 5,485,636 Twitter accounts was compiled and put up for sale on the dark web for $30,000 USD.

The heap-based buffer overflow vulnerability was originally reported on July 1 and, according to Google, was being actively exploited in the wild.

The now-patched zero-day vulnerability could cause a browser to crash or trigger local errors, and could potentially be exploited to execute arbitrary code.

According to the tech giant, the zero-day bug is being tracked as CVE-2022-1096 and has been actively exploited in the wild.

The company has fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2.

A related and much worse zero-click vulnerability was patched in iOS 14.4, but the zero-day Wi-Fi vulnerability is alive and kicking (and exploitable) on iOS 14.6.

Security researcher Ryan Pickren discovered seven zero-day vulnerabilities during a "pretty intense" bug-hunting expedition in Safari.

Security researcher finds 40 zero-day vulnerabilities in Samsung's Tizen OS