Zero-Day Vulnerability
Definition
A zero-day vulnerability is a flaw in a computer software that is unknown to those who should be interested in mitigating it, including the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.
Why It Matters
Zero-day vulnerabilities are extremely dangerous because no patch or defense exists for them yet. This gives attackers a wide-open window to exploit the vulnerability before the vendor can fix it.
Contextual Example
A security researcher discovers a new, previously unknown flaw in a popular web browser that allows for remote code execution. They sell this information on the dark web instead of reporting it. Attackers can now use this "zero-day" to attack users of the browser until the vendor discovers and patches the flaw.
Common Misunderstandings
- A "zero-day exploit" is the malicious code used to attack a zero-day vulnerability.
- The "zero" refers to the fact that the vendor has had zero days to fix the problem.