Zero-day vulnerability
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the party responsible for fixing it (the vendor) and, crucially, also unknown to the general public. The name reflects that the vendor has had zero days to work on a fix at the point the flaw is discovered or exploited, so no patch is available.
Attackers can exploit these vulnerabilities to compromise systems, steal data, or launch other malicious activities without anyone being aware of the underlying flaw or having a defense ready. Zero-day exploits are highly coveted in the cybercriminal underground and by state-sponsored actors due to their effectiveness and stealth.
Once the vendor learns of the flaw and releases a patch, it ceases to be a zero-day vulnerability and becomes a known vulnerability, also called an N-day vulnerability.
Why Are Zero-day Vulnerabilities So Dangerous?
Zero-day vulnerabilities pose exceptional risks for several reasons:
- No existing defense: Since the flaw is unknown, signature-based security tools such as antivirus software and firewalls have nothing to match against and cannot detect or block exploits targeting it.
- Extended exposure window: Organizations remain vulnerable from the moment the flaw exists until a patch is developed, tested, and deployed—which can take weeks or months.
- High-value targets: Attackers often reserve zero-day exploits for high-profile targets, including government agencies, critical infrastructure, and large enterprises.
- Supply chain risks: A single zero-day in widely-used software can affect millions of users and systems simultaneously.
How Do Zero-day Vulnerabilities Work?
The lifecycle of a zero-day vulnerability typically follows these stages:
- Discovery: A security researcher, hacker, or automated tool identifies an unknown flaw in software or hardware.
- Exploitation: If discovered by malicious actors, they develop an exploit—code designed to take advantage of the vulnerability.
- Attack deployment: The exploit is used in targeted attacks or sold on underground markets to other threat actors.
- Detection: Security teams or researchers eventually notice suspicious activity and investigate.
- Disclosure and patching: The vendor is notified (or discovers the flaw independently) and releases a security patch.
When Was the First Zero-day Vulnerability Discovered?
While the exact origin is difficult to pinpoint, the term "zero-day" gained prominence in the 1990s within hacker communities. The concept became widely recognized in mainstream cybersecurity discourse in the 2000s as high-profile attacks demonstrated the devastating potential of unknown vulnerabilities.
Which Systems Are Most Susceptible to Zero-day Vulnerabilities?
While any software can contain zero-day flaws, certain systems are more frequently targeted:
- Operating systems: Windows, macOS, Linux, and mobile operating systems are prime targets due to their widespread use.
- Web browsers: Chrome, Firefox, Safari, and Edge are constantly targeted because they process untrusted web content.
- Enterprise software: Applications like Microsoft Office, Adobe products, and collaboration tools.
- Network infrastructure: Routers, firewalls, and VPN appliances from vendors like Cisco, Fortinet, and Palo Alto Networks.
- Industrial control systems (ICS): SCADA systems and other operational technology used in critical infrastructure.
Notable Examples
Stuxnet Worm (2010)
The Stuxnet worm exploited multiple zero-day vulnerabilities in Windows and Siemens industrial control systems. This sophisticated attack primarily targeted Iran's nuclear program, causing physical damage to centrifuges. It demonstrated how zero-day exploits could be weaponized for cyber warfare against critical infrastructure.
Heartbleed Bug (2014)
Heartbleed was a critical zero-day vulnerability in OpenSSL's cryptography library that allowed attackers to steal sensitive information from servers, including encryption keys and user credentials. Because OpenSSL was so widely used, the vulnerability affected an estimated 17% of secure web servers worldwide.
Protection Strategies
While zero-day vulnerabilities cannot be entirely prevented, organizations can reduce their risk:
- Defense in depth: Implement multiple layers of security controls to limit the impact of any single exploit.
- Behavioral analysis: Use advanced threat detection tools that identify suspicious behavior rather than relying solely on known signatures.
- Network segmentation: Isolate critical systems to contain potential breaches.
- Rapid patching: Maintain robust patch management processes to quickly deploy fixes once they become available.
- Threat intelligence: Subscribe to feeds from organizations like CISA and monitor vulnerability databases such as CVE.