Zero-Day Vulnerability
A software vulnerability unknown to the vendor, exploited by attackers before a patch is available.
Also: 0-day · zero-day exploit
Definition
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the party responsible for patching or fixing it, typically the software vendor. The term 'zero-day' refers to the fact that developers have had zero days to fix the issue. Zero-day exploits are highly valuable to attackers because no patch exists, leaving every system that runs the vulnerable software open to potential compromise. They are used by nation-state actors in cyber espionage and sold on black markets.
Example
“Attackers exploited a zero-day vulnerability in a VPN product before the vendor knew it existed, compromising thousands of corporate networks worldwide.”
Synonyms
- unpatched vulnerability
- unknown exploit
- zero-day exploit
Antonyms / Opposites
- patched vulnerability
- known vulnerability
Related Terms
- vulnerability
- exploit
- patch-management
- threat-intelligence
