A zero-day exploit (also called a zero-day attack) is
|“||[a]n attack against a software vulnerability that has not yet been addressed by the software maintainers. These attacks are difficult to defend against as they are often undisclosed by the vendor until a fix is available, leaving victims unaware of the exposure.||”|
|“||a threat aimed at exploiting a software application vulnerability before the application vendor becomes aware of it and before the vulnerability becomes widely known to the internet security community. These attacks are among the hardest to mitigate and leave computers and networks extremely vulnerable.||”|
The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security fix to users of the software. (In computer science, numbering often starts at zero instead of one.)
- ↑ Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, at 117.
- ↑ Data Security: Top Threats to Data Protection, at 4.
|This page uses Creative Commons Licensed content from Wikipedia (view authors).|