A zero-day vulnerability is a previously unknown security flaw in software, hardware, or firmware that an attacker can exploit before the vendor knows of it and patches it. The term “zero-day” comes from the fact that the vendor has zero days to find a fix, because the bug has already been discovered and may already be under exploitation by an attacker.
Discovery: Zero-day vulnerabilities are typically found by hackers or security researchers before the software vendor finds them.
Exploitation: Attackers may exploit the vulnerabilities using specially crafted exploits, which are pieces of code developed to take advantage of the security flaw.
Attack: A zero-day attack occurs when hackers use these exploits to compromise systems, steal data, or cause other forms of harm before a patch is applied.
Zero-Day Vulnerability: The vulnerability itself.
Zero-Day Exploit: The method or software utilized to exploit the vulnerability.
Zero-Day Attack: The use of an exploit to attack a system.
High Risk: Zero-day vulnerabilities are high-risk because they can be exploited before any defense is in place.
Difficulty in Detection: Since these vulnerabilities are not known, standard security software will not detect them.
Expensive to Acquire: Zero-day exploits are usually bought on the black market at high prices because of their potential impact.
Suppose that a hacker discovers a zero-day flaw in a widely used web browser. Before the browser developers are able to issue a patch, the hacker uses this flaw to carry out a zero-day attack, compromising user data and systems. This illustrates the urgency and danger that come with zero-day vulnerabilities.
Proactive Security Controls: Implement strong security controls, such as continuous monitoring and penetration testing, to identify potential vulnerabilities ahead of time.
Quick Response Plans: Maintain plans for responding quickly to zero-day attacks, such as emergency patching and incident response plans.
Working with Security Researchers: Work in partnership with security researchers to enable responsible disclosure of vulnerabilities so that patches are applied in a timely fashion before attackers can exploit them.