Also called Day Zero, a zero-day attack is an attack in which a potentially severe software security vulnerability is exploited. The developer or vendor may not be aware of the attack. Upon detection, the developer has to resolve the issue so that users of the software are not impacted. The solution is usually a software patch. Zero-day attacks could, for instance, be used to attack the Internet of Things (IoT).
Zero-day attacks could involve spyware, malware, or unauthorized access to user data. Users could safeguard themselves against the attack by ensuring their software is set to update automatically. This would ensure any recommended updates are installed promptly, outside of regularly scheduled updates. The software in question could be operating systems, Internet browsers, antivirus software, etc.
Having an up-to-date antivirus program would not guarantee immunity from zero-day attacks. This is because the antivirus software would not be able to detect the problem until the software weakness is publicly known. Host intrusion prevention systems also help safeguard against these attacks.
In simpler terms, a zero-day loophole could be thought of as an unlocked vehicle door. The vehicle owner thinks the door is locked, but the thief finds out it’s not. The thief could, as a result, enter the car undetected and steal things from the trunk or glove compartment. The owner may realize he was robbed only a few days later, long after the damage has been done and the thief is gone for good.
While zero-day vulnerabilities and their exploitation are usually linked with criminal hackers, they could also be exploited by state security agencies that want to use the information for attacks or surveillance. In fact, the demand for such vulnerabilities among state security agencies is quite high. This has helped drive the market for buying and selling information about these vulnerabilities.
Zero-day exploits could be publicly disclosed, revealed to the software vendor only, or sold to anyone interested. If sold, the exploits could be sold with or without exclusive rights. The ideal outcome for the software company in question would be a white hat or ethical hacker privately disclosing the error or loophole to the firm so that it could be fixed before criminal or unethical hackers discover and exploit it. However, in certain cases, the efforts of multiple parties may be needed to address the vulnerability completely. In such cases, a fully private disclosure may not be feasible.