A recently released report from Symantec shows the number of 0-day exploits hit 54 in 2015, the highest level ever recorded. The number is more than 2013 and 2014 combined, but the good news is that software developers sharply reduced the time it took to patch zero-day exploits. On average, it took just one day to patch these flaws in 2015, versus 59 days in 2014 and four days in 2013.
The report suggests the accelerated pace may be a big contributor to the increased number of zero-day attacks. The faster these vulnerabilities get patched, the higher the incentive to replace it with a new one. Full details at ARS Technica.
Unsurprisingly, the software suffering the most zero-day attacks last year was Adobe Flash, with a whopping 10 vulnerabilities, or 17 percent of all the 2015 zero days. As checkered as the media player software's reputation is, last year represented an improvement over 2014, which recorded 12 attacks exploiting previously unknown vulnerabilities. (Last week, Adobe fixed a Flash vulnerability that was being exploited to surreptitiously install crypto ransomware on end-user computers.) Microsoft software also sustained 10 zero-day attacks, although they were spread out among a larger portfolio of products, including Windows with six exploits, Internet Explorer with two exploits, and Office with two exploits.