A Zero-Day Primer: Six Things You Should Know

SPYSCAPE

What is a zero-day?

A zero-day is a type of unique computer vulnerability that is unknown to victims or vendors, and potentially unknown to everyone in the world except the creator of the zero-day exploit.

What does it mean?

When a bug is discovered, that moment is considered to be ‘day zero’ (i.e., zero days have passed since the discoverer could have started patching their systems against the bug).

Why are the bugs so powerful?

There’s no way to defend against them. They exist before day zero and are therefore only discovered after their first use. A one-time zero-day exploit may go from devastating to useless in a matter of hours (upon its discovery on day zero), but the damage may already have been done.


Who uses zero-days?

They are the most sought-after vulnerabilities in the world, not only by hackers but also by governments. The Stuxnet virus, which some believe was created by the US government, relied on four separate zero-days. Stuxnet is now easily detectable by reputable anti-virus software and can be blocked just like the most basic viruses, but when it was created it was a weapon.

How many are there?

Technically, every new vulnerability is a zero-day, regardless of its complexity or uniqueness. But most are found by multiple people, independently and very quickly, meaning day zero arrives before any real harm can occur. It’s possible, though, that there are hundreds, potentially thousands, of active zero-days being exploited or waiting to be exploited. It’s not usually in the best interest of the attacker to disclose the presence of a zero-day to the victim, and this ‘hoarding’ of exploits can last for years.

Should I be worried?

On a personal level, it’s very unlikely that someone would ‘burn’ a zero-day exploit on an individual user. They’re mostly saved for high-value targets.
