What is a Zero-Day Vulnerability? featured image

What is a Zero-Day Vulnerability?

by John DiGiacomo

Partner

Data Breach

In the realm of cyber security there are many types of attacks and vulnerability exploits that can be used by hackers to gain unauthorized access to computer systems: viruses, Trojans, malware, ransomware, phishing, and a number of different software vulnerabilities. So, what exactly is a zero-day vulnerability and what makes this type of vulnerability so attractive to hackers? A zero-day vulnerability in software code or a browser means that a software vendor has prepared a piece of programming that has a vulnerability in it that the vendor is unaware of. To say this another way, the software contains a vulnerability and is flawed from the start.

Hackers identify and exploit these vulnerabilities before the software developer can identify them and correct them with a software patch. As such, these vulnerabilities are known in the cyber security world as zero-day vulnerabilities. Since the hacker makes the first move by creating code that can exploit the vulnerability in the software, the attack is called a zero-day attack.

Hackers love to exploit zero-day vulnerabilities because they get the benefit of the first-mover advantage. That is, the greatest ability to gain from the vulnerability before a patch can be developed to fix the flaw in the software. The hacker can exploit the vulnerability for as long as it takes for the software developer to identify the vulnerability, create a patch to fix the vulnerability, and deploy the patch to vulnerable systems. It can take a long time for zero-day vulnerabilities to be identified. This leaves the hacker free to profit from the holes in the software code until it is fixed.

Zero-Day Vulnerability Statistics

According to Symantec, in 2015 there were 54 zero-day vulnerabilities that were identified, which is an increase of 125% over the previous year. Effectively, there was one new zero-day vulnerability identified every week in 2015. Nearly 20% of zero-day vulnerabilities were identified as being Flash Player related. This has prompted many companies to have their information technology specialists phase-out the use of Flash Player from their systems. It usually takes about a week from when the software developer or the public identifies a zero-day vulnerability for a patch to be developed, distributed, and deployed.

What Businesses Can Do to Help Avoid Zero-Day Attacks

Since zero-day vulnerabilities are flaws in software, there is little that businesses can do to prevent them from existing in the first place. However, businesses can help reduce their risk and exposure by monitoring for system updates. Taking immediate action to install these patches when they are distributed can help close vulnerabilities in software systems. Installing patches should be a regular component of cyber security best practices.

If you have been hacked due to a zero-day vulnerability, you should speak with an experienced data breach lawyer to determine your legal options and obligations under the law after a system hack. If you have concerns about what you need to do in the event of a breach, you can contact the experienced attorneys at Revision Legal. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user George Postoronca.

Editor’s note: this post was originally published in January 2017. It has been updated for clarity and comprehensiveness.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side