Date First Published: 5th May 2023
Topic: Cybersecurity
Subtopic: Threats To Systems, Data & Information
Article Type: Computer Terms & Definitions
Difficulty: Medium (Level 6/10)
Learn more about what a zero-day vulnerability is in this article.
A zero-day vulnerability, also known as a zero-day flaw or a zero-day threat, is a security hole in a software program, operating system, website, web browser, hardware, or firmware that the developer is unaware of or has not yet patched. The name comes from the developer having had "zero days" to fix it: no patch exists, so an attack that targets the hole is likely to succeed until the developer releases one. The developer therefore needs to release a patch that closes the security hole as soon as possible; until then, every system running the affected software is exposed.
Once the vulnerability is known and a patch is available, it is no longer a zero-day threat. As more users apply the update, the chances of the zero-day exploit succeeding decrease over time. However, a patch only protects the systems it is installed on, so users running outdated software remain just as exposed to the attack as before.
Vulnerabilities are unintentional flaws caused by programming errors or improper configuration. An attacker who exploits one can get viruses, worms, Trojan horses, or other malicious code running in the software program, operating system, website, web browser, hardware, or firmware. This can expose end users to all sorts of security risks, including loss of important data, theft of sensitive information, and more.
Zero-day vulnerabilities can go unnoticed by the developer for weeks, months, or even years and are hard to prevent, so end users can be exposed to security risks for a long time without the developer knowing. By definition a developer cannot scan for a flaw nobody knows about, which is why it is important for developers to regularly review and test their code, take vulnerability reports from researchers seriously, and not delay releasing patches or updates once a flaw is found.
The terms zero-day vulnerability, zero-day exploit, and zero-day attack mean different things. A zero-day vulnerability is simply the security hole itself: a flaw in a software program, operating system, website, web browser, hardware, or firmware that the developer is unaware of or has not yet patched. A zero-day exploit is the code or technique that takes advantage of that unpatched vulnerability; it is the method attackers use to get into systems. A zero-day attack is the act of using a zero-day exploit to harm a system affected by the vulnerability.
There is no single way to completely prevent zero-day attacks. However, there are five measures that can reduce the chances of one succeeding and limit its impact: firewalls, browser isolation, backups, antiviruses, and intrusion prevention systems.
Firewalls work by monitoring incoming and outgoing traffic and blocking anything the rules do not allow. A firewall can stop malicious content from reaching a trusted network and separate trusted from untrusted traffic based on addresses, ports, connection state and, in more advanced products, previously observed traffic patterns. A firewall cannot recognise an exploit for a vulnerability nobody knows about, but with a default-deny policy a vulnerable service that is not exposed through the firewall cannot be reached by the exploit in the first place, and that reduction of exposed attack surface is what makes firewalls useful against zero-days.
Client-side browser isolation keeps web content and the code it carries separate from the rest of the system: each site runs in its own sandboxed process, so a zero-day exploit in one tab cannot directly reach the operating system or other tabs. For example, JavaScript delivered by a website runs inside the browser's sandbox and cannot read or write arbitrary files on the hard drive or inspect the computer's hardware unless the user explicitly grants access through a browser API. (The sandbox model is often credited to Sun Microsystems, but that was Java; JavaScript, created at Netscape, is a different language and relies on the browser's own sandbox.)
Whilst keeping backups does not prevent zero-day attacks from happening, they greatly reduce the risk of permanently losing your data. If a zero-day attack deleted, corrupted, or encrypted your files to make them inaccessible, you would still have another copy and could recover them, provided the backup is kept somewhere the attacker cannot also reach (offline or on a separate system) and has been tested so that you know it restores correctly.
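The following is an added example, not code from the article, showing the two checks that make a backup useful after an attack like the one described above: a hash manifest taken at backup time, and a verify-before-restore step so that a damaged backup copy is never written back over live data. Everything runs in a temporary directory; the file names, contents and the "ransomware" (a plain XOR, not real encryption) are constructed for the example.

```python
"""Backup manifest, tamper check and restore (added example, not the
article's code). Sample files and the simulated attack are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, backup: Path) -> dict:
    """Copy every file under source to backup and record a hash manifest.
    The manifest is what later distinguishes a good copy from a damaged one."""
    manifest = {}
    for path in sorted(source.rglob("*")):
        if path.is_file():
            rel = path.relative_to(source).as_posix()
            dest = backup / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)
            manifest[rel] = sha256_file(dest)
    (backup / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(root: Path, manifest: dict) -> list:
    """Return the relative paths under root whose content no longer matches."""
    bad = []
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file() or sha256_file(path) != digest:
            bad.append(rel)
    return bad


def restore(backup: Path, target: Path, manifest: dict) -> list:
    """Restore only files whose backup copy still matches the manifest."""
    restored = []
    for rel in manifest:
        if verify(backup, {rel: manifest[rel]}):
            continue  # the backup copy itself is damaged: never restore garbage
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, dest)
        restored.append(rel)
    return restored


def simulate_ransomware(victim: Path, key: int = 0x5A) -> None:
    """Constructed attack: XOR every file in place so it becomes unreadable.
    Stands in for file-encrypting malware; this is not real cryptography."""
    for path in victim.rglob("*"):
        if path.is_file():
            path.write_bytes(bytes(b ^ key for b in path.read_bytes()))


def demo() -> dict:
    """Run the whole scenario in a temporary directory and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live, backup = tmp / "live", tmp / "backup"
        (live / "notes").mkdir(parents=True)
        (live / "report.txt").write_text("Q1 figures\n")
        (live / "notes" / "todo.txt").write_text("patch the servers\n")

        manifest = make_backup(live, backup)
        simulate_ransomware(live)                   # attack hits the live copy only
        damaged = verify(live, manifest)            # every live file fails the check
        backup_damaged = verify(backup, manifest)   # separate backup is untouched
        restored = restore(backup, live, manifest)
        return {
            "damaged": sorted(damaged),
            "backup_damaged": backup_damaged,
            "restored": sorted(restored),
            "clean_after_restore": verify(live, manifest) == [],
            "content": (live / "report.txt").read_text(),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

If the attacker could write to the backup location as well, the `backup_damaged` list would not be empty and `restore` would refuse those files; that is the situation an offline or separately-credentialed backup is meant to avoid.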
Antiviruses detect and remove known viruses and other unwanted software from a computer and need to be updated to detect the latest threats. Signature-based detection struggles with zero-day threats: the malware is new, so no signature for it exists in the database yet and the antivirus has nothing to match it against. However, antiviruses that also use behaviour-based detection and heuristics can catch zero-day threats by what the code does (for example, encrypting large numbers of files or deleting the system's restore points) rather than by what it looks like.
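To make the difference concrete, here is an added example (not the article's code) that runs a signature check and a behaviour check over the same constructed host data. The binaries, their contents, the "known bad" hash database and the process events are all made up for the example; the thresholds and rule names are assumptions, not those of any real product.

```python
"""Signature-based vs behaviour-based detection (added example, not the
article's code). All binaries, hashes and events below are constructed."""
import hashlib
from collections import defaultdict

# Constructed signature database: SHA-256 of samples already catalogued.
KNOWN_BAD_HASHES = {hashlib.sha256(b"old-known-malware-v1").hexdigest()}

# Constructed binaries on the host (name -> file content). The 'zero-day'
# sample has never been seen before, so its hash is not in the database.
BINARIES = {
    "word.exe": b"legit word processor build 1.0",
    "old_trojan.exe": b"old-known-malware-v1",
    "svc_updater.exe": b"novel ransomware sample, never catalogued",
}

# Constructed endpoint telemetry: (process, action, target).
EVENTS = [
    ("word.exe", "file_write", "Documents/q1.docx"),
    ("word.exe", "file_write", "Documents/q2.docx"),
] + [
    ("svc_updater.exe", "file_write", f"Documents/file{i}.docx.locked")
    for i in range(40)
] + [
    ("svc_updater.exe", "file_delete", f"Documents/file{i}.docx")
    for i in range(40)
] + [
    ("svc_updater.exe", "exec", "vssadmin delete shadows /all /quiet"),
]

RANSOM_EXTENSIONS = (".locked", ".encrypted", ".crypt")  # assumed list


def signature_scan(binaries: dict) -> set:
    """Flag a binary only if its hash is already in the database."""
    return {name for name, blob in binaries.items()
            if hashlib.sha256(blob).hexdigest() in KNOWN_BAD_HASHES}


def behaviour_scan(events: list, threshold: int = 20) -> dict:
    """Flag a process by what it does, regardless of whether its hash is known.

    Constructed rules:
      shadow_copy_deletion - runs vssadmin to remove restore points
      mass_rename:N        - writes N (>= threshold) files with a ransom extension
      mass_delete:N        - deletes N (>= threshold) files
    """
    writes, deletes, reasons = defaultdict(int), defaultdict(int), defaultdict(list)
    for proc, action, target in events:
        if action == "file_write" and target.endswith(RANSOM_EXTENSIONS):
            writes[proc] += 1
        elif action == "file_delete":
            deletes[proc] += 1
        elif action == "exec" and target.startswith("vssadmin delete shadows"):
            reasons[proc].append("shadow_copy_deletion")
    for proc, n in writes.items():
        if n >= threshold:
            reasons[proc].append(f"mass_rename:{n}")
    for proc, n in deletes.items():
        if n >= threshold:
            reasons[proc].append(f"mass_delete:{n}")
    return dict(reasons)


def assess(binaries: dict = BINARIES, events: list = EVENTS) -> dict:
    """Compare what each approach catches on the same host."""
    sig = signature_scan(binaries)
    beh = behaviour_scan(events)
    return {
        "signature_hits": sorted(sig),
        "behaviour_hits": sorted(beh),
        "missed_by_signature_only": sorted(set(beh) - sig),
        "reasons": beh,
    }


if __name__ == "__main__":
    for key, value in assess().items():
        print(f"{key}: {value}")
```

The signature scan catches the old, catalogued Trojan and nothing else; the behaviour scan never looks at the file hash and flags the never-before-seen `svc_updater.exe` from its actions alone. In a real product the same behavioural rules also produce false positives (a legitimate bulk-encryption tool looks similar), which is why thresholds and allow-lists matter.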
Intrusion prevention systems (IPS) are designed to protect a company's network from hostile or unusual traffic. Signature-based IPS, like antiviruses, match traffic against databases of known attacks and need regular updates, so they offer little against a zero-day. Anomaly-based IPS work differently: they learn the normal daily patterns of network activity and flag or block traffic that deviates from them, which is how they can spot the traffic of a zero-day exploit that no signature yet describes.
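The anomaly-based approach described above, as an added example that is not the article's or any product's code: a baseline of which destination ports each host normally uses and how many hosts it normally talks to is learned from a quiet period, and today's traffic is then checked against it. The flow records, addresses and the fan-out factor are constructed assumptions; a real IPS would take the same decisions from NetFlow/IPFIX records or packet metadata.

```python
"""Anomaly-based network detection against a learned baseline (added
example, not the article's code). Flow records below are constructed."""
from collections import defaultdict

# Constructed flow records: (src, dst, dport, bytes) from five quiet days.
BASELINE_FLOWS = []
for _day in range(5):
    for host in ("10.0.1.7", "10.0.1.8", "10.0.1.9"):
        BASELINE_FLOWS += [
            (host, "10.0.0.5", 443, 1200),   # web proxy
            (host, "10.0.0.10", 53, 90),     # DNS
            (host, "10.0.0.20", 445, 4000),  # file server
        ]

# Constructed flows for today. 10.0.1.7 starts using a service it never
# touched before and then fans out across the server subnet on 445, the
# shape an exploit followed by lateral movement produces on the wire.
TODAY_FLOWS = [
    ("10.0.1.7", "10.0.0.5", 443, 1300),
    ("10.0.1.8", "10.0.0.10", 53, 80),
    ("10.0.1.9", "10.0.0.20", 445, 3900),
    ("10.0.1.7", "10.0.0.20", 5985, 600),
] + [("10.0.1.7", f"10.0.0.{i}", 445, 300) for i in range(30, 60)]


def learn_baseline(flows: list) -> dict:
    """Per source host: the set of destination ports it normally uses and
    how many distinct destinations it normally talks to."""
    ports, dests = defaultdict(set), defaultdict(set)
    for src, dst, dport, _ in flows:
        ports[src].add(dport)
        dests[src].add(dst)
    return {"ports": dict(ports),
            "fanout": {src: len(d) for src, d in dests.items()}}


def detect(flows: list, baseline: dict, fanout_factor: int = 5) -> list:
    """Return (src, reason, detail) alerts for traffic outside the baseline.

    new_port     - a known host talks to a port it has never used
    unknown_host - a source never seen during the baseline period
    fanout       - a host contacts far more destinations than it normally does
    The factor 5 is an assumption chosen for the constructed data."""
    alerts, flagged, seen_dests = [], set(), defaultdict(set)
    for src, dst, dport, _ in flows:
        seen_dests[src].add(dst)
        if src not in baseline["ports"]:
            key = (src, "unknown_host")
        elif dport not in baseline["ports"][src]:
            key = (src, "new_port", dport)
        else:
            continue
        if key not in flagged:          # one alert per (host, port), not per packet
            flagged.add(key)
            alerts.append(key if len(key) == 3 else (src, "unknown_host", dport))
    for src, dests in seen_dests.items():
        normal = baseline["fanout"].get(src, 1)
        if len(dests) > fanout_factor * normal:
            alerts.append((src, "fanout", len(dests)))
    return alerts


def run() -> list:
    """Learn from the quiet days, then check today's traffic."""
    return detect(TODAY_FLOWS, learn_baseline(BASELINE_FLOWS))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Neither rule knows anything about the vulnerability being exploited; they fire because the traffic pattern changed. That is both the strength of anomaly detection against zero-days and its weakness: a new but legitimate service or a rollout of new workstations produces the same alerts, so the baseline has to be maintained and alerts reviewed rather than blocked blindly.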