What is a Zero day exploit?
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit application vulnerabilities that are unknown to others or the software developer
A life cycle of the Zero-day exploit
- The developer creates software containing an unknown vulnerability
- The attacker finds the vulnerability before the developer does
- The attacker writes and distributes an exploit while the vulnerability is not known to the developer
- The developer becomes aware of the vulnerability and starts developing a fix.
The problem starts when the developer does not receive information about the exploit, while the applications are exploited. Longer the exploit remains in the hands of a few the more “valuable” and dangerous it becomes.
Economics of the Zero day exploits
A security whole can be around for a long time, unless it is known and fixed or the code causes the whole becomes obsolete. Our old understanding of using software product supported by an active community or a big organization makes you reasonably secured as long as you update the security patch as soon as they comes out. Providing our understanding that zero day exploits are publicly available and do not stay Zero-days for long.