The concept of "zero-day" encompasses the most recent security flaws that cybercriminals exploit to compromise systems. Its use implies that vendors or developers have only just become aware of the vulnerability, leaving them "zero days" to correct it before it is exploited. A zero-day attack is triggered when cybercriminals exploit the flaw before developers have had a chance to correct it.
This term is sometimes written as "0-day". It is often accompanied by the terms"vulnerability","exploit flaw" and"attack", each of which has a distinct meaning:
- A zero-day vulnerability refers to a security flaw detected by cybercriminals before the software vendor is even aware of its existence. Since the vendor is unaware of the vulnerability, no patch has been developed, allowing attacks to meet with a high success rate.
- A zero-day vulnerability exploit is the method used by cybercriminals to target systems with previously unidentified vulnerabilities.
- A zero-day attack refers to the use of a zero-day vulnerability to compromise an affected system or steal data.