Fandom

The IT Law Wiki

Zero-day exploit

32,191pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definitions Edit

A zero-day exploit (also called a zero-day attack) is

[a]n attack against a software vulnerability that has not yet been addressed by the software maintainers. These attacks are difficult to defend against as they are often undisclosed by the vendor until a fix is available, leaving victims unaware of the exposure.[1]
a threat aimed at exploiting a software application vulnerability before the application vendor becomes aware of it and before the vulnerability becomes widely known to the internet security community. These attacks are among the hardest to mitigate and leave computers and networks extremely vulnerable.[2]

Overview Edit

Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability.

The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security fix to users of the software. (In computer science, numbering often starts at zero instead of one.)

References Edit

  1. Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, at 117.
  2. Data Security: Top Threats to Data Protection, at 4.


This page uses Creative Commons Licensed content from Wikipedia (view authors). Smallwikipedialogo.png

Also on Fandom

Random Wiki