The term zero day vulnerability (zero day attack or even zero day exploit) gets thrown around a lot in security circles. We often hear it in reports from security vendors regarding recently discovered threats. But what is a zero day vulnerability anyway? Perhaps a lot of ‘average’ computer users hear this term, but would like a simple definition… well here it is.
The short version: A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
High Tech Bridge Information Security Systems describes a Zero Day vulnerability as “a vulnerability in software for which a patch is not yet released by the vendor, so hackers can compromise the vulnerable software even if all the necessary patches and updates are properly installed. Hackers usually take an advantage of a ZERO day vulnerability to compromise well-protected systems. Usually 0days vulnerabilities are exploited by worms in order to gather a botnet.
3 comments
Tweets that mention What is a zero day vulnerability? « Information Carnivore -- Topsy.com says:
Jun 17, 2010
[…] This post was mentioned on Twitter by Daniel Snyder, Daniel Snyder. Daniel Snyder said: Simple definitions: Zero Day Attack (What is it?) http://bit.ly/dgxaHZ […]
No longer can Mac users claim they are safe « Information Carnivore says:
Jul 24, 2010
[…] and patched on a regular basis, they both have bugs, and they can both be exploited by hackers when zero-day’s are […]
BloggersBase Computers says:
Jul 24, 2010
No Longer can Mac users claim they are safe…
I have always preferred PCs over MACs. The first computer I started on however was an Apple ][e followed of course by the Mac Classic. Shortly after that I discovered PC’s and MS-DOS and I was……