Zero day flaw
A
zero-day exploit,
0-day, or
zero-day flaw is a vulnerability in an
operating system,
software, or
hardware that is exploited the same day it is discovered. These flaws become known to the public when a
malware program
exploits the flaw and compromises the product, computer, or
network connected to the computer. These exploits can cause serious issues and keep a system vulnerable until the company releases a fix.
and/or...
en.wikipedia.org
A
zero-day (also known as a
0-day) is a computer-software
vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated,
hackers can
exploit it to adversely affect programs, data, additional computers or a network.
[1] An exploit taking advantage of a zero-day is called a
zero-day exploit, or
zero-day attack.
The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them.
[2][3][4] Once the vendors learn of the vulnerability, they will usually create
patches or advise
workarounds to mitigate it.
The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mitigation has been developed. Once a fix is developed, the chance of the exploit succeeding decreases as more users apply the fix over time. For zero-day exploits, unless the vulnerability is inadvertently fixed, such as by an unrelated update that happens to fix the vulnerability, the probability that a user has applied a vendor-supplied patch that fixes the problem is zero, so the exploit would remain available. Zero-day attacks are a severe
threat.
[5]
