What is a zero-day exploit? Definition and prevention tips

A woman reads about a zero-day exploit on her computer.

Zero-day exploit definition

A zero-day exploit is when hackers discover a software gap or flaw they can use to gain access to users’ information or computers.

It may seem like there are endless cybersecurity threats out there. Among them, one sounds particularly ominous—the zero-day exploit. This is when hackers crawl software to find a security flaw developers missed. In most cases, no one knows this flaw exists until it's too late and hackers have already used the vulnerability to their advantage.

Who should be worried about zero-day exploits? Is there anything you can do to prevent them? We’ll cover your top questions about zero-day exploits so you can practice safer internet habits.

What is a zero-day exploit?

A graphic explains the different ways the term "zero-day" is used.

A zero-day exploit is when hackers discover a software gap or flaw they can use to gain access to users’ information or computers. By the time the gap is discovered by developers, it’s typically already being used by cybercriminals, hence the name zero-day exploit—time is of the essence, so developers have zero days to resolve the issue.

How do zero-day attacks work?

A graphic explains what a zero-day attack is.

Zero-day attacks begin with zero-day vulnerabilities, meaning flaws or holes in security software. These can result from improper computer or security configurations or programming errors by developers themselves. 

Cyberattackers exploit these vulnerabilities without developers knowing. Cyberattackers might write—or purchase from the dark web  —exploit codes to spot these vulnerabilities.

When they find a vulnerability, it’s akin to a welcome mat for a zero-day attack. And what hackers often bring to the door is malware, also known as zero-day malware or, more broadly, a zero-day exploit.

Attackers might deliver malware by way of social engineering tactics or phishing. Once the zero-day exploit is downloaded on devices, the attacker can execute the zero-day attack. The havoc that ensues may include:       

  • Stolen data
  • Hackers taking remote control of devices
  • Other malware installed
  • Corrupted files
  • Spam messages sent to contact list
  • Spyware installed to steal sensitive information  

Zero-day attacks are inherently stealthy, so it can take months or even years to be uncovered. But in some cases, developers might be able to stop or patch vulnerabilities before too much damage is caused. 

In simpler terms, you might think of a zero-day attack like a robber finding a door that’s consistently left unlocked in a store. They continue robbing the store through that unlocked door until the store owner discovers the flaw (hopefully before too much inventory is stolen). 

Who conducts zero-day attacks?

While software developers are constantly looking to patch security vulnerabilities—we see this in the form of software updates—cyberattackers are constantly seeking to exploit them. There are many types of cyberattackers, each with their own motivations:

A graphic explains the different types of hackers that may use zero-day exploits.


  • Hacktivists might use a zero-day exploit to discover information related to social or political causes.
  • Cybercriminals might use a zero-day exploit to gain access to financial or personal information and commit identity theft.
  • Foreign actors might use a zero-day exploit to discover sensitive information about a nation.
  • Corporate spies might use a zero-day exploit to discover information about competing organizations or corporations.

There are also many different motivations behind a zero-day exploit. Hackers might be attempting any of the following:

  • Stealing personal or financial data
  • Stealing contact lists to use or sell to other scammers
  • Mass-installing spyware or malware
  • Gaining remote access to users’ devices
  • Corrupting files

Zero-day exploit vs. vulnerability vs. attack

You might hear the terms zero-day exploit, vulnerability, or attack when discussing hacking, but how are they different?

Zero-day vulnerability Refers to the flaw in the software hackers discover
Zero-day exploit Refers to the act of hackers gathering data once they discover the vulnerability
Zero-day attack Refers to hackers using the data gathered from the exploit to commit cybercrimes


In practice, a zero-day vulnerability is a software gap developers miss and hackers discover. Once hackers discover this vulnerability, they use it to gather information through a zero-day exploit. When they use that information against individuals or a group, it’s a zero-day attack.

Who’s at risk?

The potential victims of a zero-day exploit depend on who’s behind the attack and their motivations. This is why zero-day exploits can be so risky—they can affect anyone or any organization.

Anyone who uses an internet-connected device (and who isn’t in the age of the Internet of Things) could be at risk of a zero-day exploit. Typically, potential victims fall into these categories:

  • Individual device users
  • Businesses of any size
  • Government agencies

How are zero-day exploits discovered?

Zero-day exploits are notoriously hard to spot because they’re often in developers’ blind spots. Machine learning and programs using malware databases can help inspect software code to determine whether hackers have exploited a zero-day vulnerability or find potential flaws before they’re exploited.

Famous zero-day exploits

Zero-day exploits tend to be a big deal when they occur. You might remember some of these famous cyberattacks that were attributed to zero-day exploits.

In 2010, a malware called Stuxnet caused Iranian uranium centrifuges to self-destruct. It’s never been confirmed which nation created Stuxnet, but this is the most famous instance of a zero-day attack against a government.

In 2014, Sony was the victim of a zero-day attack which targeted the company as a whole and caused a data breach. This attack led to the release of sensitive business plans, details of unreleased projects, and personal contact information of top executives.

In early 2020, a zero-day exploit allowed hackers to take over individual Zoom meetings. This practice, which was commonly known as Zoombombing, particularly affected schools that had switched to online learning due to the COVID-19 pandemic. 

Zero-day exploit protection tips

A graphic includes different zero-day exploit protection tips.

Zero-day exploits take advantage of unknown software bugs, so there’s no way to truly prevent them. However, there are some steps you can take as an individual to improve your personal cybersecurity and practice safer online habits.

1. Always update systems and software

Stop ignoring those notifications about software updates on your devices. They might seem pesky, but they often include patches that fix software gaps as developers discover them. The longer your devices have these gaps, the more likely you are to be affected by a zero-day exploit.

2. Delete unnecessary software

If your device is full of programs and software you seldom use, consider deleting them. Not only will this free up space—and potentially improve how your device runs—but less software means less potential to become a victim of a zero-day exploit. Also avoid using third-party app stores to download software or applications.

3. Use a firewall, antivirus software, and a VPN

The trifecta of personal internet defense includes firewalls, antivirus software, and VPNs.

  • Firewalls filter unwanted traffic between a device and the internet.
  • Antivirus software detects and removes viruses and malware from devices.
  • VPNs disguise your device’s IP address when using the internet.

These measures make your information harder to access and reduce the risks that come from using the internet. Norton 360 Deluxe is an all-in-one protection plan that includes all three defenses.

Stay in the know on zero-day exploits

One of the first steps to using devices safely is knowing your risk. Stay up to date on recent cyberattacks and keep up with best practices for personal internet safety—after all, cybersecurity is always evolving.

Zero-day exploits are tough to spot, but that doesn’t mean there’s nothing you can do about them. With our top tips, you can practice internet safety every day and improve your personal Cyber Safety.

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.