What is a zero-day exploit? Definition and prevention tips
July 14, 2023
Zero-day exploit definition
A zero-day exploit is when hackers discover a software gap or flaw they can use to gain access to users’ information or computers.
It may seem like there are endless cybersecurity threats out there. Among them, one sounds particularly ominous—the zero-day exploit. This is when hackers crawl software to find a security flaw developers missed. In most cases, no one knows this flaw exists until it's too late and hackers have already used the vulnerability to their advantage.
Who should be worried about zero-day exploits? Is there anything you can do to prevent them? We’ll cover your top questions about zero-day exploits so you can practice safer internet habits.
What is a zero-day exploit?
A zero-day exploit is when hackers discover a software gap or flaw they can use to gain access to users’ information or computers. By the time the gap is discovered by developers, it’s typically already being used by cybercriminals, hence the name zero-day exploit—time is of the essence, so developers have zero days to resolve the issue.
How do zero-day attacks work?
Zero-day attacks begin with zero-day vulnerabilities, meaning flaws or holes in security software. These can result from improper computer or security configurations or programming errors by developers themselves.
Cyberattackers exploit these vulnerabilities without developers knowing. They might write—or purchase on the dark web—exploit code that targets these vulnerabilities.
When they find a vulnerability, it’s akin to a welcome mat for a zero-day attack. And what hackers often bring to the door is malware, also known as zero-day malware or, more broadly, a zero-day exploit.
Attackers might deliver malware by way of social engineering tactics or phishing. Once the zero-day exploit is downloaded onto a device, the attacker can execute the zero-day attack. The havoc that ensues may include:
Zero-day attacks are inherently stealthy, so it can take months or even years for them to be uncovered. But in some cases, developers might be able to stop or patch vulnerabilities before too much damage is caused.
In simpler terms, you might think of a zero-day attack like a robber finding a door that’s consistently left unlocked in a store. They continue robbing the store through that unlocked door until the store owner discovers the flaw (hopefully before too much inventory is stolen).
Who conducts zero-day attacks?
While software developers are constantly looking to patch security vulnerabilities—we see this in the form of software updates—cyberattackers are constantly seeking to exploit them. There are many types of cyberattackers, each with their own motivations:
Hacktivists might use a zero-day exploit to discover information related to social or political causes.
Cybercriminals might use a zero-day exploit to gain access to financial or personal information and commit identity theft.
Foreign actors might use a zero-day exploit to discover sensitive information about a nation.
Corporate spies might use a zero-day exploit to discover information about competing organizations or corporations.
There are also many different motivations behind a zero-day exploit. Hackers might be attempting any of the following:
Stealing personal or financial data
Stealing contact lists to use or sell to other scammers
Mass-installing spyware or malware
Gaining remote access to users’ devices
Zero-day exploit vs. vulnerability vs. attack
You might hear the terms zero-day exploit, vulnerability, or attack when discussing hacking, but how are they different?
Zero-day vulnerability: Refers to the flaw in the software hackers discover
Zero-day exploit: Refers to the act of hackers gathering data once they discover the vulnerability
Zero-day attack: Refers to hackers using the data gathered from the exploit to commit cybercrimes
In practice, a zero-day vulnerability is a software gap developers miss and hackers discover. Once hackers discover this vulnerability, they use it to gather information through a zero-day exploit. When they use that information against individuals or a group, it’s a zero-day attack.
Who’s at risk?
The potential victims of a zero-day exploit depend on who’s behind the attack and their motivations. This is why zero-day exploits can be so risky—they can affect anyone or any organization.
Anyone who uses an internet-connected device (and who isn’t, in the age of the Internet of Things?) could be at risk of a zero-day exploit. Typically, potential victims fall into these categories:
Individual device users
Businesses of any size
How are zero-day exploits discovered?
Zero-day exploits are notoriously hard to spot because they’re often in developers’ blind spots. Machine learning and programs using malware databases can help inspect software code to determine whether hackers have exploited a zero-day vulnerability or find potential flaws before they’re exploited.
Famous zero-day exploits
Zero-day exploits tend to be a big deal when they occur. You might remember some of these famous cyberattacks that were attributed to zero-day exploits.
In 2010, a malware called Stuxnet caused Iranian uranium centrifuges to self-destruct. It’s never been confirmed which nation created Stuxnet, but this is the most famous instance of a zero-day attack against a government.
In 2014, Sony was the victim of a zero-day attack which targeted the company as a whole and caused a data breach. This attack led to the release of sensitive business plans, details of unreleased projects, and personal contact information of top executives.
In early 2020, a zero-day exploit allowed hackers to take over individual Zoom meetings. This practice, which was commonly known as Zoombombing, particularly affected schools that had switched to online learning due to the COVID-19 pandemic.
Zero-day exploit protection tips
Zero-day exploits take advantage of unknown software bugs, so there’s no way to truly prevent them. However, there are some steps you can take as an individual to improve your personal cybersecurity and practice safer online habits.
1. Always update systems and software
Stop ignoring those notifications about software updates on your devices. They might seem pesky, but they often include patches that fix software gaps as developers discover them. The longer your devices have these gaps, the more likely you are to be affected by a zero-day exploit.
2. Delete unnecessary software
If your device is full of programs and software you seldom use, consider deleting them. Not only will this free up space—and potentially improve how your device runs—but less software means less potential to become a victim of a zero-day exploit. Also avoid using third-party app stores to download software or applications.
3. Use a firewall, antivirus software, and a VPN
The trifecta of personal internet defense includes firewalls, antivirus software, and VPNs.
Firewalls filter unwanted traffic between a device and the internet.
Antivirus software detects and removes viruses and malware from devices.
VPNs disguise your device’s IP address when using the internet.
These measures make your information harder to access and reduce the risks that come from using the internet. Norton 360 Deluxe is an all-in-one protection plan that includes all three defenses.
One of the first steps to using devices safely is knowing your risk. Stay up to date on recent cyberattacks and keep up with best practices for personal internet safety—after all, cybersecurity is always evolving.
Zero-day exploits are tough to spot, but that doesn’t mean there’s nothing you can do about them. With our top tips, you can practice internet safety every day and improve your personal Cyber Safety.
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.