If you’ve heard the phrase “zero-day exploit” being used in terms of computer security but have no idea what it means, then you’re in the right place.
In its simplest term, a zero-day vulnerability (or exploit) is a vulnerability in a software program (like an Internet browser or an operating system) that cyber-criminals have become aware of, yet the developer of the software isn’t aware of. A zero-day vulnerability, if discovered by the wrong people, will inevitably lead to a zero-day attack. I.e. the criminals utilise the vulnerability to start an attack.
It is called “Zero-Day” because the developer of the software has had zero days’ notice to fix the vulnerability before it has become known to criminals, and consequently must rush to fix the vulnerability and prevent further attacks.
Upon the developer noticing the vulnerability, they must release a fix, also called a “patch”, which they will then issue to anyone using the affected software, usually in the form of an update which can be downloaded from the Internet.
Often exploits or vulnerabilities are first discovered in software by the developers, or by individuals or companies that are on the developers side (i.e. “the good guys”) in which case it is not referred to as a Zero-Day vulnerability, since the developer as presumably been given a head start in trying to fix the vulnerability before it is discovered by “the bad guys”.
In the past, most large software companies have – at some point – been hit with Zero-Day exploits, including Microsoft, Adobe and Mozilla. The Adobe Flash player plugin suffered a triple Zero-Day attack in earl 2015 where 3 Zero-Day exploits were discovered within a very short time frame. 2010 is a notorious year for Zero-Day attacks, with several large companies being attacked that year.
Can you avoid a Zero-Day exploit?
Unlike most Internet threats, a Zero-Day vulnerability or exploit is difficult for the user to avoid because the issue is within the software itself, and nothing to do with the user. And as we explained above, we don’t really get any notice of Zero-Day exploits.
However it is always good to keep your ear to the ground. Often software developers will warn users about a current exploit before they’ve had a chance issue a fix, in which case you should avoid using that software until it is patched.
Remember to keep your software updated so any security holes that have patches available will be fixed as soon as possible. And as usual, remember to run regular antivirus scans with your Internet security software. We recommend once a week.