What is a “Zero-Day Exploit” or “Zero-Day Vulnerability” ?

ByCraig Haley

If you’ve heard the phrase “zero-day exploit” being used in terms of computer security but have no idea what it means, then you’re in the right place.

In its simplest term, a zero-day vulnerability (or exploit) is a vulnerability in a software program (like an Internet browser or an operating system) that cyber-criminals have become aware of, yet the developer of the software isn’t aware of. A zero-day vulnerability, if discovered by the wrong people, will inevitably lead to a zero-day attack. I.e. the criminals utilise the vulnerability to start an attack.

It is called “Zero-Day” because the developer of the software has had zero days’ notice to fix the vulnerability before it has become known to criminals, and consequently must rush to fix the vulnerability and prevent further attacks.


Sponsored Content. Continued below...




Upon the developer noticing the vulnerability, they must release a fix, also called a “patch”, which they will then issue to anyone using the affected software, usually in the form of an update which can be downloaded from the Internet.

Often exploits or vulnerabilities are first discovered in software by the developers, or by individuals or companies that are on the developers side (i.e. “the good guys”) in which case it is not referred to as a Zero-Day vulnerability, since the developer as presumably been given a head start in trying to fix the vulnerability before it is discovered by “the bad guys”.

In the past, most large software companies have – at some point – been hit with Zero-Day exploits, including Microsoft, Adobe and Mozilla. The Adobe Flash player plugin suffered a triple Zero-Day attack in earl 2015 where 3 Zero-Day exploits were discovered within a very short time frame. 2010 is a notorious year for Zero-Day attacks, with several large companies being attacked that year.


Sponsored Content. Continued below...




Can you avoid a Zero-Day exploit?

Unlike most Internet threats, a Zero-Day vulnerability or exploit is difficult for the user to avoid because the issue is within the software itself, and nothing to do with the user. And as we explained above, we don’t really get any notice of Zero-Day exploits.

However it is always good to keep your ear to the ground. Often software developers will warn users about a current exploit before they’ve had a chance issue a fix, in which case you should avoid using that software until it is patched.

Remember to keep your software updated so any security holes that have patches available will be fixed as soon as possible. And as usual, remember to run regular antivirus scans with your Internet security software. We recommend once a week.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)