Emerging Threats

How do Zero-Day Vulnerabilities work: #30SecTech

Authored by a Symantec employee


What is a software vulnerability?

In the world of cyber security, vulnerabilities are unintended flaws found in software programs or operating systems. Vulnerabilities can be the result of improper computer or security configurations and programming errors. If left unaddressed, vulnerabilities create security holes that can be exploited by cybercriminals.

Safety for every device.

Security is no longer a one-machine affair. You need a security suite that helps protect all your devices – your Windows PC, Mac, Android smartphone or your iPad.

Why do vulnerabilities pose security risks?

Hackers write code to target a specific security weakness and package it into exploit malware, a type malicious software that takes advantage of a vulnerability in order to compromise a computer system or cause an unintended behavior to occur on the software. If your computer is infected, exploit malware can steal your data, allowing hackers to take unauthorized control of your computer, and even use the software in a way that was not originally intended.

For the everyday computer user, a vulnerability can pose serious security risks because exploit malware can infect a computer through otherwise harmless web browsing activities, such as viewing a website, opening a compromised message, or playing infected media.

What makes a vulnerability a zero-day?

The term ‘zero-day’ refers to an unknown software vulnerability that the developer is newly aware of, and thus an official patch or update to fix the issue has not been released. Essentially, ‘zero-day’ refers to the fact that the developers have “zero days” to fix the problem that has just been exposed—and perhaps already exploited by hackers. Once the vulnerability becomes publicly known, the vendor must work quickly to fix the issue in order to protect its users. However, if the software vendor fails to release a patch in a timely manner and hackers manage to exploit the security hole, then what is known as a zero-day attack can happen.

What can you do to protect yourself from zero-day vulnerabilities?

Zero-day vulnerabilities present serious security risks, leaving you susceptible to zero-day attacks, which can result in potential damage to your computer or personal data. In order to keep your computer and data safe, you must take both proactive and reactive security measures. Your first line of defense is to be proactive by using a comprehensive solution of security software, like Norton Security, that protects against both known and unknown threats. Your second line of defense is to be reactive and immediately install new software updates when they become available to reduce the risk of malware infection.

Performing software updates installs many necessary revisions to the software or operating system, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered.

Follow this security checklist to be sure you are doing everything you can to keep your information protected from the security risks associated with zero-day vulnerabilities:

  • Keep software and security patches up to date, downloading the latest software releases and updates installs security patches and fixes bugs that the previous version may have missed
  • Establish personal online security best practices
  • Configure security settings for your operating system, internet browser and security software
  • Install a proactive and comprehensive security software to block threats targeting vulnerabilities, from both known and unknown threats

Don’t wait until a threat strikes.

Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.

Enjoy peace of mind on every device you use with Norton Security Premium.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.