We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Google: Delayed Updates Make N-Days as Critical as Zero-Days

Google: Delayed Updates Make N-Days as Critical as Zero-Days
Husain Parvez Published on 3rd August 2023 Cybersecurity Researcher

Google's fourth annual year-in-review of zero-day exploits emphasized the concerning issue of n-days on Android acting as effective 0-days for threat actors. Due to long delays in distributing and incorporating patches, threat actors are able to exploit n-day vulnerabilities that have yet to be fixed, leaving the device and user behind it completely vulnerable.

The complexity of the Android ecosystem is at the core of this problem, involving multiple stages between the upstream vendor (Google) and the downstream manufacturer (phone manufacturers). This results in significant disparities in security update intervals across various device models, short support periods, responsibility mix-ups, and other related issues.

Google pointed out that due to these problems, it can take several months for device manufacturers to incorporate a patch into their own versions of Android. As a result, vulnerabilities can exist for extended periods without being addressed — attackers can continue to utilize known exploitation methods or create their own to target vulnerable devices.

Maddie Stone, a Security Researcher at Google's Threat Analysis Group (TAG), highlighted the significant advantage this offers to attackers. She stated, "This is a great case for attackers. Attackers can use the known n-day bug, but have it operationally function as a 0-day since it will work on all affected devices."

In 2022, a total of 41 zero-days were identified, marking a significant 40% decrease from the previous year's count of 69. Despite this decline, the effectiveness of n-day vulnerabilities as exploitable targets has not witnessed a corresponding reduction, leaving attackers with ample attackable surfaces. Meanwhile, Google pointed out the inadequacy of current patching methods, which merely address the specific exploit technique detected, rather than tackling the vulnerability as a whole.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address