What is a Zero-Day Vulnerability?

Posted in on July 5, 2021

What It Is
A zero-day vulnerability (also know as zero-day flaw, zero-day exploit) is at its core, a flaw. It is an exploit in the wild that was previously undiscovered, which exposes a vulnerability in software or hardware. A zero-day vulnerability will often create complicated problems well before anyone realizes there is an issue – a zero-day exploit leaves NO opportunity for detection, at least at first.

An Example Timeline
A zero-day attack happens once that previously unknown software/hardware vulnerability  is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability—hence “zero-day.” Let’s break down the steps of the window of vulnerability:

  1. Software developers create software, however, unbeknownst to them it contains a vulnerability
  2. The malicious party (aka hacker) notices the vulnerability either before the software developer does or acts on it before the developer has a chance to fix it
  3. The attacker writes and implements code whose sole purpose is to exploit the software/hardware while the vulnerability is still open and available
  4. After the exploit is actively preying on vulnerable servers, either the public recognizes it in the form of identity or information theft, or the developer catches it and creates a patch to mitigate the risk
  5. Once a patch is written and confirmed effective, the exploit is no longer called a zero-day vulnerability. In the real world, attacks are rarely discovered right away and often take days, months, or sometimes years before a developer learns of the vulnerability that led to an attack.

Previous Months