What is a Zero Day Exploit?

Mary McMahon

A zero day exploit is malicious code that takes advantage of a vulnerability in a piece of software that the vendor has not yet discovered. This code can do a great deal of damage before the vendor realizes the problem and develops a patch or a new version of the software, and many vendors test their programs rigorously before release with zero day exploits in mind. Because this type of malicious code relies on vulnerabilities that aren't widely known yet, it can be difficult for computer users to protect themselves from it.

A zero day exploit is an attack that uses a weakness in a computer program that is known to the attacker but not yet to the vendor.

In a simple example of a zero day exploit, a hacker might realize that the new version of an Internet browser has a security flaw that could allow an attacker to insert malicious software onto the user's computer. He or she would write the code to install the software and plant it on websites or in email, so that users who came into contact with the code would be infected with it. Eventually, the software vendor would realize that there was a problem and issue a patch to fix the flaw and address the zero day exploit.

The general rule of thumb in the computing community is that if someone notices a security vulnerability or flaw which could be an issue, he or she should report it to the vendor. Most ethical computer scientists and people who work with computers do just that. However, hackers, producers of malware, and other less friendly members of the community usually do not, because they want to take advantage of the vulnerability before the vendor realizes it exists. In fact, some people specialize in uncovering vulnerabilities and selling them.

From a hacker's point of view, the best zero day exploit is deployed before the vendor sees a problem. In other cases, the exploit may be released during the vulnerability window, the period of time between the discovery of the issue and the release of a patch to address it. Vulnerability windows can vary in length, depending on the vendor, the program, and the nature of the problem. The term "zero day exploit" refers to the idea that the code is released on "day zero," before the vendor has recognized an issue.

People can protect themselves from zero day exploits by promptly downloading new versions and patches of the software they use, and by using trusted sources for these patches. If users aren't sure whether a prompt to download a new version or patch is legitimate, they should go to the vendor's website or call the vendor to confirm that a patch has been issued and to find a safe download source. Maintaining a well-configured firewall is also important, as it can keep malicious code at bay.
