DeMISTIfying Infosec: Zero Day

September 12, 2016
By Katherine Teitler

Zero Day 

A “zero day” may refer to either a vulnerability or an exploit. A zero-day vulnerability is a vulnerability (a flaw or weakness) in software of which the developer of that software is not yet aware. The weakness leaves the software susceptible to attack.

Web browsers, software products, computer programs, and applications are typical examples of vulnerable, and thus exploitable, software. Zero-day vulnerabilities are tricky because, if a weakness is not known, the developer or vendor cannot create a patch, or fix, to resolve the issue. Developing a patch may take time, and in the meantime the result may be a zero-day exploit.

A zero-day exploit is the resulting attack that occurs before the developer or software vendor has the opportunity to patch. The “zero” in zero day refers to the number of days a vulnerability has been known; thus, a zero-day exploit means that the exploit occurred before anyone knew a problem existed.

While it might seem odd to categorize a vulnerability or attack as a “zero day” (why would anyone or any company knowingly ignore a known flaw?), in fact many vulnerabilities are not only well known, but have been so for many years, allowing attackers to exploit them again and again.
