Zero-Day Vulnerability
A software vulnerability unknown to the vendor, exploitable before a patch is available
Also known as: Zero-Day, 0-Day, Zero-Day Exploit
Category: Concepts
Tags: security, vulnerabilities, threats, exploits, cybersecurity
Explanation
A zero-day vulnerability (also written as 0-day) is a software security flaw that is unknown to the software vendor and for which no patch or fix exists. The term 'zero-day' refers to the fact that the developers have had zero days to address the vulnerability, because it has not yet been disclosed to or discovered by the vendor. These vulnerabilities are particularly dangerous because they can be exploited before any defensive measures are available.
Zero-day vulnerabilities are discovered by security researchers, criminal hackers, or state-sponsored actors. Once discovered, they may be responsibly disclosed to vendors, sold on black markets to cybercriminals, or hoarded by intelligence agencies for offensive operations. A zero-day exploit is the actual code or technique that takes advantage of the vulnerability. The window between discovery and patch deployment is when systems are most vulnerable.
Notable zero-day exploits include Stuxnet (2010), which used four Windows zero-days to sabotage Iranian nuclear centrifuges. The Pegasus spyware from NSO Group has exploited numerous iOS and Android zero-days for surveillance. The Log4Shell vulnerability (2021) in the Log4j library affected millions of applications worldwide. Zero-days are valued at hundreds of thousands to millions of dollars on exploit markets.
Defenses include defense in depth (layered controls so that no single flaw gives full access), network segmentation, behavior-based detection systems, application sandboxing, prompt patching when fixes become available, threat intelligence subscriptions, vulnerability disclosure programs, and maintaining incident response capabilities. Organizations should also apply the principle of least privilege and monitor for anomalous behavior that might indicate exploitation.
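Behavior-based detection is the defense that matters most while no patch exists, because it does not need a signature for the specific flaw. The following Python example is added here and is not code from the original page or from any vendor; it flags a document-handling application (Word, Acrobat, Outlook) spawning a shell or script interpreter, a pattern that is anomalous whatever vulnerability produced it. The event format, process names and sample events are constructed for this example.

```python
"""Behaviour-based detection over constructed process-creation events.

Instead of matching a known exploit, this flags behaviour that is
abnormal regardless of the flaw used: a document-handling application
launching a shell or script interpreter. The pipe-delimited record
format, the host/user names and the sample events are all constructed
for this example (they are not from any real product log).
"""
from dataclasses import dataclass

# Applications that render content and should never launch interpreters.
DOCUMENT_HANDLERS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe", "outlook.exe",
}
# Children whose appearance under a document handler is suspicious.
INTERPRETERS = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
}
# Accounts treated as privileged for severity scoring (constructed list).
PRIVILEGED_USERS = {"carol"}


@dataclass
class ProcessEvent:
    timestamp: str
    host: str
    user: str
    parent: str
    child: str
    cmdline: str


@dataclass
class Alert:
    event: ProcessEvent
    severity: str  # "high" when the user is privileged, else "medium"


def parse_event(line: str) -> ProcessEvent:
    """Parse one record: ts | host | user | parent | child | cmdline."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    ts, host, user, parent, child, cmdline = fields
    # Normalise image names so case differences do not evade the check.
    return ProcessEvent(ts, host, user, parent.lower(), child.lower(), cmdline)


def is_suspicious(ev: ProcessEvent) -> bool:
    """True when a document handler spawns a shell or script interpreter."""
    return ev.parent in DOCUMENT_HANDLERS and ev.child in INTERPRETERS


def detect(lines) -> list[Alert]:
    """Run the behaviour rule over raw log lines and return the alerts."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue  # skip blank lines between records
        ev = parse_event(line)
        if is_suspicious(ev):
            severity = "high" if ev.user in PRIVILEGED_USERS else "medium"
            alerts.append(Alert(ev, severity))
    return alerts


# Constructed sample events: two benign launches, one benign cmd.exe from
# explorer, and two document handlers spawning interpreters.
SAMPLE_EVENTS = r"""
2024-05-01T09:12:03Z | ws-17 | alice | explorer.exe | winword.exe | WINWORD.EXE /n invoice.docx
2024-05-01T09:12:41Z | ws-17 | alice | winword.exe | powershell.exe | powershell.exe -File C:\Users\alice\AppData\Local\Temp\tmp1.ps1
2024-05-01T09:13:10Z | ws-22 | bob | explorer.exe | cmd.exe | cmd.exe /c dir
2024-05-01T09:14:55Z | ws-09 | carol | acrord32.exe | cmd.exe | cmd.exe /c whoami
2024-05-01T09:15:02Z | ws-09 | carol | acrord32.exe | acrord32.exe | AcroRd32.exe --type=renderer
"""


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        ev = alert.event
        print(f"[{alert.severity}] {ev.timestamp} {ev.host} {ev.user}: "
              f"{ev.parent} -> {ev.child} ({ev.cmdline})")
```

The parent/child rule is deliberately independent of any CVE: it catches the post-exploitation step that most document-borne zero-days share. The severity field ties the detection back to least privilege, since the same behaviour under an administrative account warrants a faster response.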