A zero-day vulnerability is one that is not yet known to the vendor but has already been discovered by attackers. When an attacker exploits such a vulnerability, for which no patch has been released, to break into a system, it is known as a zero-day attack.
A zero-day attack happens once that flaw, a software or hardware vulnerability, is exploited and attackers release malware before the developer has had an opportunity to create a patch to fix it; hence "zero-day."
Let’s break down the steps of the window of vulnerability:
- A company's developers create software, but they are not aware that it contains a vulnerability.
- An attacker spots that vulnerability either before the developer does or acts on it before the developer has a chance to fix it.
- An attacker writes and implements exploit code while the vulnerability is still open and available.
- After releasing the exploit, either the public recognizes it in the form of identity or information theft or the developer catches it and creates a patch to staunch the cyber-bleeding.
Once a patch is written and used, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes not just days but months and sometimes years before a developer learns of the vulnerability that led to an attack.
Here are three examples of past zero-day exploits:
– Windows: In May, Google security engineer Tavis Ormandy announced a zero-day flaw in all currently supported releases of the Windows OS. According to his claim, the troubled code is more than 20 years old, which means “pre-NT”.
– Java: In March, Oracle released emergency patches for Java to address two critical vulnerabilities, one of which was actively used by hackers in targeted attacks. They received the highest possible impact score from Oracle and can be remotely exploited without the need for authentication such as a username and password. The risk applies to both Windows and Mac devices.
– Acrobat Reader: In February, a zero-day exploit was found that bypasses the sandbox anti-exploitation protection in Adobe Reader 10 and 11. According to Costin Raiu, director of Kaspersky Lab's malware research and analysis team, the exploit is highly sophisticated; it is likely either a cyber-espionage tool created by a nation state or one of the so-called lawful interception tools sold by private contractors to law enforcement and intelligence agencies for large sums of money.