Sonjj Updated: 31 March 2024

What is a zero-day attack?

zero-day vulnerability

Hello everyone, you have surely heard the term "zero-day vulnerability" in technology news or forums before. Today, let's learn what it means!

Definition and explanation

"Zero-day" is a term that describes a newly discovered security vulnerability that hackers can use to attack online systems.

The term "zero-day" refers to the fact that the system's vendors or developers have only just learned of the vulnerability, so they have had zero days to fix it. Zero-day attacks therefore often happen before developers have a chance to resolve the problem.

Zero-day is also abbreviated as 0-day. It helps to understand the difference between a zero-day vulnerability, a zero-day exploit and a zero-day attack:

  • Zero-day vulnerability: a software vulnerability discovered by attackers before the system vendor knows about it. Because the vendor is unaware of it, no patch exists yet, so attacks against it have a high probability of success.

  • Zero-day exploit: the code or method that hackers use to take advantage of a zero-day vulnerability they have found.

  • Zero-day attack: after hackers have found a zero-day vulnerability and built an exploit, they use it to cause damage or steal data from systems.

Attack method

A zero-day attack begins with a software developer releasing vulnerable code, which is then discovered and exploited by hackers.

Once the attack succeeds, the attacker may commit identity theft or steal important data until the developers create a patch that limits the attack. As soon as a patch is written and applied, the exploit is no longer called a zero-day exploit.

The following is a timeline of a zero-day exploit, broken down into stages by security researchers Leyla Bilge and Tudor Dumitras:

  • Stage 1: the vulnerability appears: vendors or developers release software without realizing that it contains vulnerable code.

  • Stage 2: exploit release: hackers discover the vulnerability before the developer does and deploy code that exploits it.

  • Stage 3: vulnerability detection: after attacks begin, the developers detect the vulnerability, but no patch is available yet.

  • Stage 4: vulnerability disclosure: the developer or security researchers publicly announce the zero-day vulnerability, so both users and attackers now know of its existence.

  • Stage 5: anti-virus signatures: once attackers have created malware targeting the vulnerability, anti-virus vendors can quickly identify its signature and provide safeguards against it. However, the system may still be exposed if there are other ways to exploit the vulnerability.

  • Stage 6: security patch release: the developers release a public fix that closes the vulnerability. How long this takes depends on the complexity of the fix and the priority of their development process.

  • Stage 7: patch deployment complete: releasing a security patch does not provide an immediate fix, because it takes time for users to deploy it. For this reason, organizations and individual users should enable automatic software updates and pay attention to update notifications.

Who carries out these attacks?

Perpetrators fall into several categories:

  • Cyber criminals – hackers whose motive is usually financial gain.

  • Hacktivists – hackers motivated by a political or social cause who want their attacks to be visible in order to draw attention to that cause.

  • Cyber warfare – states or political actors that monitor or attack another country's cyber infrastructure.

  • Corporate espionage – hackers who spy on companies to obtain information about them.


Who is the target?

Hackers can attack vulnerabilities in many different kinds of systems:

  • Operating systems.
  • Web browsers.
  • Internet of Things (IoT) devices.
  • Open source components.
  • Hardware and firmware.
  • Office applications.

As a result, there are many potential victims, including:

  • Individuals using vulnerable systems, such as browsers or operating systems. Hackers can use the vulnerability to compromise their devices and build large botnets.
  • Individuals who have access to valuable business data.
  • Hardware devices, firmware, and Internet of Things devices.
  • Large businesses and organizations.
  • Political targets and/or national security.
  • Government agencies.

Attacks are divided into two types:

  • Intentional attacks: carried out by hackers against potentially valuable targets, such as large organizations, government agencies or high-ranking individuals.
  • Unintentional attacks: carried out against users of vulnerable systems in general, which in turn threatens the organizations and larger systems those users belong to.

Whether intentional or unintentional, zero-day attacks can expose users to serious risks. Be careful about this!

How to identify zero-day attacks

Organizations hit by zero-day exploits may see unexpected traffic or suspicious scanning activity originating from a client or service. Some zero-day detection techniques include:

  • Using existing databases of known malware and its behaviour as a reference.

  • Looking for characteristics of zero-day malware based on how it interacts with the target system. Instead of examining the code of incoming files, this technique looks at the interactions between those files and existing software and tries to determine whether they are the result of malicious actions.

  • Using machine learning on data from previously recorded exploits to establish a baseline of safe system behaviour, based on past and current interactions with the system, and flagging deviations from it.

Although there are different techniques that can detect zero-day vulnerabilities, doing so is extremely difficult. Because there are many different types of zero-day vulnerabilities, such as missing data encryption, missing authorization, broken algorithms, ordinary bugs and other security issues, they can be hard to spot.
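The second and third techniques above, behaviour-based detection against a learned baseline, are easier to grasp with a small worked example. The following Python is an added illustration, not code from the original article: it learns which process/action/target combinations occurred during a "known-good" window from constructed telemetry lines (the key=value format and all process names and ports are assumed, not taken from any real product) and then flags interactions in a later log that never appeared in the baseline, without needing a signature for the specific malware.

```python
import re
from collections import defaultdict

# Constructed sample endpoint telemetry (assumed key=value format).
# Learning window: normal activity used to build the baseline.
BASELINE_LOG = """\
ts=2024-03-30T09:00:01 proc=winword.exe action=spawn target=splwow64.exe
ts=2024-03-30T09:00:02 proc=winword.exe action=connect target=443
ts=2024-03-30T09:05:00 proc=chrome.exe action=spawn target=chrome.exe
ts=2024-03-30T09:05:01 proc=chrome.exe action=connect target=443
ts=2024-03-30T09:10:00 proc=svchost.exe action=connect target=80
"""

# Detection window: a document viewer starts behaving in a way it never did before.
CURRENT_LOG = """\
ts=2024-03-31T10:00:01 proc=chrome.exe action=connect target=443
ts=2024-03-31T10:00:02 proc=winword.exe action=spawn target=powershell.exe
ts=2024-03-31T10:00:03 proc=winword.exe action=connect target=4444
ts=2024-03-31T10:00:04 proc=svchost.exe action=connect target=80
"""

LINE_RE = re.compile(r"ts=(\S+) proc=(\S+) action=(\S+) target=(\S+)")

def parse(log_text):
    """Parse key=value lines into (ts, proc, action, target); malformed lines are skipped."""
    return [m.groups() for m in map(LINE_RE.match, log_text.splitlines()) if m]

def build_baseline(events):
    """Map (process, action) -> set of targets observed during the learning window."""
    baseline = defaultdict(set)
    for _, proc, action, target in events:
        baseline[(proc, action)].add(target)
    return baseline

def find_anomalies(events, baseline):
    """Events whose process/action/target combination never occurred in the baseline."""
    return [e for e in events if e[3] not in baseline.get((e[1], e[2]), set())]

def suspicious_processes(anomalies, threshold=2):
    """Processes with at least `threshold` novel behaviours: worth an analyst's look."""
    counts = defaultdict(int)
    for _, proc, _, _ in anomalies:
        counts[proc] += 1
    return sorted(p for p, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    hits = find_anomalies(parse(CURRENT_LOG), build_baseline(parse(BASELINE_LOG)))
    print(hits, suspicious_processes(hits))
```

In practice the baseline must be learned from a window believed to be clean and re-learned as legitimate software changes, otherwise every update generates false alarms.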

Some notable attacks

Historically, there have been many data breaches through various zero-day vulnerabilities. Next, I will present some of the most recent ones.

Apple iOS (2020): Apple iOS is considered the most secure of the major phone platforms. But in 2020 it fell victim to at least two zero-day vulnerabilities in the iOS operating system, including one that allowed attackers to infiltrate and control an iPhone remotely.

Google Chrome (2021): In 2021 Google's Chrome faced a series of zero-day threats, forcing Google to release update after update. One of these vulnerabilities stemmed from a bug in the V8 JavaScript engine used by the browser.

MOVEit (2023): In May 2023, a ransomware group called Clop began exploiting vulnerabilities in Progress Software's MOVEit Transfer software. This widespread attack stole important data from governments, businesses and individuals around the world, leaving behind devastating consequences that were difficult to recover from.

How to prevent zero-day vulnerabilities

To protect against zero-day vulnerabilities and keep your computer safe, organizations and individuals should take the following measures:

1. For organizations.

  • Vulnerability scanning: security teams must regularly use different tools and methods to find vulnerable code so that it can be repaired, even though this is difficult and time-consuming.
  • Patch management: deploy patches as soon as possible after software vulnerabilities have been discovered. This cannot prevent an attack if hackers exploit the vulnerability before the patch is deployed, but it shortens the window of exposure.
  • Input validation: input (or data) validation is proper checking of any input provided by an application or user, so that improperly formatted data cannot enter the system.
  • Use a firewall: firewalls play an essential role in protecting your system against zero-day threats.
  • User education: educating users and employees to always take security seriously is extremely important for organizations.

2. For individuals.

  • Always update software and operating systems: apply the patches or upgrades that developers release to close identified vulnerabilities as soon as they are available.
  • Use only necessary applications: download and use only the applications you actually need, because every additional application increases your exposure to zero-day vulnerabilities that may affect your privacy and security.
  • Use anti-virus software: there are many reputable anti-virus products on the market; research them and choose the one that suits you best.
  • Raise awareness: being aware of personal information security is fundamental and can help you avoid the unfortunate consequences of zero-day vulnerabilities.
  • Use temporary information: when participating online, there is no guarantee that your personal information will be safe, so use temporary information to give yourself an extra layer of protection. Websites that provide temporary information include Receive SMS Online, Temp Mail, Fake Name Generator and Random Credit Card Numbers Generator.


In short, a zero-day vulnerability is an extremely dangerous kind of software vulnerability for developers and organizations. Hackers can attack it to steal important data, causing heavy losses to systems, organizations and all of their users.

Whether you are an individual user or the manager of an organization's systems, preventing the harmful effects of zero-day vulnerabilities is very important.

I hope this article is useful. Thank you for taking the time to read it!