Zero-day vulnerability: What it is, and how it works

A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals.

What is a software vulnerability?

In the world of cyber security, vulnerabilities are unintended flaws found in software programs or operating systems. Vulnerabilities can be the result of improper computer or security configurations and programming errors. If left unaddressed, vulnerabilities create security holes that cybercriminals can exploit.

Why do vulnerabilities pose security risks?

Hackers write code to target a specific security weakness. They package it into malware called a zero-day exploit. The malicious software takes advantage of a vulnerability to compromise a computer system or cause an unintended behavior. In most cases, a patch from the software developer can fix this.

What if your computer becomes infected? Exploit malware can steal your data, allowing hackers to take unauthorized control of your computer. Software can also be used in ways that were not originally intended — like installing other malware that can corrupt files or access your contact list to send spam messages from your account. It could also install spyware that steals sensitive information from your computer.

If you’re an everyday computer user, a vulnerability can pose serious security risks because exploit malware can infect a computer through otherwise harmless web browsing activities, such as viewing a website, opening a compromised message, or playing infected media.

What makes a vulnerability a zero-day?

The term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.

So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed — and perhaps already exploited by hackers.

Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.

But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.

What can you do to help protect yourself from zero-day vulnerabilities?

Zero-day vulnerabilities present serious security risks, leaving you susceptible to zero-day attacks, which can result in potential damage to your computer or personal data.

To keep your computer and data safe, it’s smart to take proactive and reactive security measures.

Your first line of defense is to be proactive by using comprehensive security software, like Norton Security, that protects against both known and unknown threats.

Your second line of defense is to be reactive and immediately install new software updates when they become available from the manufacturer to help reduce the risk of malware infection.

Software updates allow you to install necessary revisions to the software or operating system. These might include adding new features, removing outdated features, updating drivers, delivering bug fixes, and most important, fixing security holes that have been discovered.

Follow this security checklist to be sure you are doing everything you can to help keep your information protected from the security risks associated with zero-day vulnerabilities:

• Keep software and security patches up to date by downloading the latest software releases and updates. Installing security patches fixes bugs that the previous version may have missed.
• Establish safe and effective personal online security habits.
• Configure security settings for your operating system, internet browser, and security software.
• Install a proactive and comprehensive security software to help block known and unknown threats to vulnerabilities.

Zero-day attack example

Stuxnet — a type of zero-day vulnerability — was one of the earliest digital weapons used. Stuxnet is a highly infectious self-replicating computer worm that disrupted Iranian nuclear plants. The threat took control of computers. It altered the speed of centrifuges in the plants and shut them down.

Things to remember about zero-day vulnerabilities

1. Keep your software up-to-date to help protect yourself against a zero-day vulnerability. 
2. Check for a solution when a zero-day vulnerability is announced. Most software vendors work quickly to patch a security vulnerability. 
3. Don’t underestimate the threat. Cybercriminals will seek to exploit security holes and gain access to your devices and your personal information. They can use your information for a range of cybercrimes including identity theft, bank fraud, and ransomware. 
4. Always use a reliable security software to help keep your devices safe and secure.