The term zero day vulnerability (zero day attack or even zero day exploit) gets thrown around a lot in security circles. We often hear it in reports from security vendors regarding recently discovered threats. But what is a zero day vulnerability anyway? Perhaps a lot of ‘average’ computer users hear this term, but would like a simple definition… well here it is.
The short version: A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
High Tech Bridge Information Security Systems describes a Zero Day vulnerability as “a vulnerability in software for which a patch is not yet released by the vendor, so hackers can compromise the vulnerable software even if all the necessary patches and updates are properly installed. Hackers usually take advantage of a ZERO day vulnerability to compromise well-protected systems. Usually 0day vulnerabilities are exploited by worms in order to gather a botnet.”