Maddie Stone

Real World 0-days: A Year-in-Review of 0-day Exploits Used In-the-Wild in 2021


In 2021, a record-breaking XX [51 as of Oct 21, 2021] 0-day exploits were detected in-the-wild, up from 25 in 2020. That means we have XX [51 so far] data points to learn what attackers are actually doing with 0-day exploits. This talk synthesizes what we can learn from the 0-days detected in-the-wild in 2021: the trends, the lessons learned, the novel bugs & methods. All of this will be backed up with detailed walk-throughs of some of the most notable aspects of the in-the-wild 0-day exploits seen in 2021. 

Much of security research is trying to emulate or guess what attackers who use 0-days are actually doing. In this talk, we’ll dive into what attackers actually are doing with 0-day exploits across most of the major consumer platforms: Chrome, Safari, Windows, iOS, macOS, Android, and more!


Maddie Stone is a Security Researcher on Google Project Zero where she focuses on 0-days actively exploited in-the-wild. Previously, she was a reverse engineer and team lead on the Android Security team. Maddie also spent many years deep in the circuitry and firmware of embedded devices as a reverse engineer and researcher at the Johns Hopkins Applied Physical Laboratory.