
Zero-Day Vulnerabilities, Attacks

A vulnerability in a product’s hardware or software discovered by researchers or attackers that the producing company does not know about and therefore does not have a fix for yet.

Description

A zero-day vulnerability is a vulnerability in a product’s hardware or software that the producing company does not know about and therefore does not have a fix for. Researchers or attackers discover the vulnerability after the product is in the field, and what they do with the information varies. Researchers can report the vulnerability quietly to the producing company or announce it with public fanfare. Attackers may take advantage of the zero-day vulnerability and stage a zero-day attack. Both researchers and attackers can also choose to sell the information about the vulnerability. The moment the vulnerability is discovered is day zero of the vulnerability. The moment the vulnerability becomes known to the producing company, it becomes a known vulnerability and most likely will be cataloged in the CWE (Common Weakness Enumeration) system. Presumably the company will then produce a fix for the vulnerability.

The term "zero day" describes only how and when the vulnerability was found. It does not describe the vulnerability itself.

Source: Synopsys, “What’s so special about zero-day vulnerabilities?”, September 11, 2018.

