⇄ Σ = Mᄃ² ⇆  

if a bug is known in Android before Google, it is called a zero-day. However, once Google learns about it, it becomes an n-day, with the n reflecting the number of days since it became publicly known.

Google warns that attackers can use n-days to attack unpatched devices for months, using known exploitation methods or devising their own, despite a patch already being made available by Google or another vendor.

1
⇄ Σ = Mᄃ² ⇆
Follow

This is caused by patch gaps, where Google or another vendor fixes a bug, but it takes months for a device manufacturer to roll it out in their own versions of Android.

"These gaps between upstream vendors and downstream manufacturers allow n-days - vulnerabilities that are publicly known - to function as 0-days because no patch is readily available to the user and their only defense is to stop using the device," explains Google's report.

security.googleblog.com/2023/0

· 1· 1· 2
⇄ Σ = Mᄃ² ⇆  

Even after Google releases the Android security update, it takes device vendors up to three months to make the fixes available for supported models, giving attackers yet another window of exploitation opportunity for specific devices.

This patch gap effectively makes an n-day as valuable as a zero-day for threat actors who can exploit it on unpatched devices.

The good news is that Google's 2022 activity summary shows that zero-day flaws are down compared to 2021

bleepingcomputer.com/news/secu

0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…