Automotive Zero-Day
Vulnerabilities


Why Do Automotive Zero-Day Vulnerabilities Matter?



Unknown and Unpatched

Zero-day vulnerabilities are security flaws, gaps, bugs, or weaknesses that are unknown to the vendors of the affected components or systems and thus have not been fixed or patched.

Real and Impactful

The automotive industry is only just beginning to grasp the reality that exploitation of zero-day vulnerabilities can have a direct impact on vehicles and that keeping up with them is imperative.

Complex and Challenging

With the increasing complexity of the automotive ecosystem, zero-day vulnerabilities pose a formidable challenge for vehicle manufacturers (OEMs), suppliers, and stakeholders.

Automotive Zero-Day Vulnerability Database

The following is a list of automotive vulnerabilities discovered by researchers through Trend Micro’s Zero Day Initiative (ZDI) that are yet to be publicly disclosed. This initial list comprises zero-day vulnerabilities discovered at Pwn2Own Automotive, hosted by VicOne with the ZDI. For each vulnerability, the affected vendor has been contacted and is expected to develop a patch. While the vendors work on patches for these vulnerabilities, VicOne customers are protected from exploitation by virtual patches delivered ahead of public disclosure. These vulnerabilities are handled according to the ZDI Disclosure Policy. The zero-day identifier of a vulnerability refers to the candidate (CAN) number assigned to the vulnerability by the ZDI.



Zero-day identifier Target device Category State

Want to know if you’ve been impacted?
Contact us to learn more

VicOne: Protection Beyond Others’
Against Automotive Zero-Day Vulnerabilities

VicOne’s best-in-class automotive threat intelligence includes early access to vital information on automotive zero-day vulnerabilities, thanks to VicOne’s pioneering partnership with the ZDI. As a result, VicOne’s range of products can detect automotive zero-day vulnerabilities, such as those discovered at Pwn2Own Automotive, even before they are publicly disclosed. By offering early detection capabilities, VicOne empowers automotive OEMs, suppliers, and stakeholders to determine whether their components or systems are vulnerable and to proactively assess risks and potential business impacts ahead of competitors.

VicOne: Accelerating Automotive
Zero-Day Vulnerability Discovery

Brings attention to the ever-expanding connected car attack surface, thereby highlighting the urgency of fortifying the industry against emerging and evolving threats.

Emphasizes the importance of safeguarding the complex components and technologies that make up the modern connected vehicle, paving the way for more robust and resilient cybersecurity protection.

Goes beyond vulnerability disclosures by forging strategic connections and collaborations among security researchers and automotive stakeholders, in a community where groundbreaking discoveries are duly recognized and acted upon.

More Insights Into Automotive
Zero-Day Vulnerabilities From VicOne



VISIT OUR BLOG

Shift to the Best Automotive Zero-Day Threat Intelligence

Contact Us