Upcoming Advisories

143 Zero-Day Vulnerabilities Discovered since 2006
138 Vulnerabilities Disclosed & Patched
5 Remain in Zero-Day State Unpatched

FG-VD IDAffected VendorsRiskReported Date
FG-VD-13-017 Apple 4 High 06/06/2013
FG-VD-13-016 Apple 4 High 06/06/2013
FG-VD-13-015 Apple 4 High 06/06/2013
FG-VD-13-012 Microsoft 5 Critical 03/26/2013
FG-VD-13-006 Apple 3 Medium 01/29/2013

FortiGuard protects against zero-day threats and APTs by providing proactive IPS detection well in advance of patches or updated provided by the vulnerable vendor(s). Listed are notifications of vulnerabilities we believe to be in a zero-day state after discovering and reporting to the affected vendor(s). Entries will only be listed once the vendor has confirmed, or we have not had a response from the vendor after four weeks. Only high level details are presented here since the vulnerability is still zero-day.

FortiGuard Labs actively research and discover zero-day vulnerabilities in products which are likely candidates that a hacker would also uncover. Once the flaw is discovered, it is confidentially disclosed to the affected vendor(s) under our Responsible Disclosure protocols. Our team proactively discovers these with the following goals:

1) Protect our customers via zero-day IPS for the zero-day flaws that we exclusively uncover. Since FortiGuard Labs discovers the Proof of Concept (POC), we can create protection well in advance before a vendor patch / update is available. It's an effective and important component of Advanced Persistent Threat protection.

2) Notify the vendor(s) immediately via PSIRT so that they may plan to patch the hole and protect their clients.

3) Reduce the number of holes that malicious attackers may find, adding resistance to their efforts.