What It Is
A zero-day vulnerability (also known as a zero-day flaw) is, at its core, a flaw in software or hardware that the vendor does not know about, or knows about but has not yet patched. A zero-day exploit is code that takes advantage of that flaw, and a zero-day attack is the use of that exploit against real targets. The three terms are often used interchangeably, but they refer to the flaw, the exploit code, and the attack respectively. Because no patch exists and no signature for the exploit has been written, a zero-day can do damage well before anyone realizes there is a problem. It is not undetectable in principle: behavioural monitoring and post-exploitation indicators (unexpected child processes, unusual outbound connections, privilege changes) can still reveal the attack. A defence that relies only on patching or on signatures for known exploits, however, has nothing to match against, at least at first.
An Example Timeline
A zero-day attack happens when a previously unknown software or hardware vulnerability is exploited and the attacker deploys exploit code or malware before the developer has had a chance to create and ship a patch. The name refers to the number of days the developer has had to fix the flaw: zero. The window of vulnerability runs from the moment the flaw is introduced until a patch is actually applied, and it breaks down into the following steps:
- Software developers create software that, unbeknownst to them, contains a vulnerability.
- A malicious party (the attacker) discovers the vulnerability before the developer does, or learns of it and acts before the developer has had a chance to fix it.
- The attacker writes and deploys exploit code whose sole purpose is to take advantage of the flaw while it is still open and unpatched.
- Once the exploit is actively being used against vulnerable systems, either its effects become visible to the public (for example as stolen credentials or data), or the developer learns of the flaw and writes a patch to mitigate the risk.
- Once a patch is released and confirmed effective, the flaw is no longer considered a zero-day. Systems that have not yet applied the patch remain exposed, however, and exploits against them are commonly called n-day or one-day exploits. In the real world, attacks are rarely discovered right away; it can take days, months, or sometimes years before a developer learns of the vulnerability behind an attack.