What Is a Zero-Day?
A zero-day vulnerability (flaw) is a vulnerability in software or hardware that is still unknown to the vendor and may already be exploited in the wild. The flaw can cause various complications before anyone realizes that something is wrong, which is what makes it “zero-day.”
Zero-Day Flaw, Zero-Day Exploit, Zero-Day Attack
The term zero-day, or 0-day, is applied to a vulnerability, an exploit, and an attack. Despite being very similar, the three terms have some differences:
- A zero-day vulnerability is a software bug that cybercriminals discover before the vendor becomes aware of the issue. Since the software vendor is unaware of it, no patch exists, which makes attacks highly likely.
- A zero-day exploit is the method that cybercriminals create to take advantage of the vulnerability in attack scenarios.
- A zero-day attack is the deployment of the zero-day exploit in an actual attack, which may aim to steal sensitive data from the vendor or cause other forms of damage.
Examples of zero-day vulnerabilities include CVE-2022-0609 in Google Chrome and CVE-2022-24086 in Adobe’s Commerce and Magento open-source products. Zero-day vulnerabilities are usually assigned identifiers known as CVE (Common Vulnerabilities and Exposures) numbers.
Each number is unique to the specific vulnerability. Depending on their severity, zero-days can be rated low, medium, high or critical.