A zero-day vulnerability is a software or hardware flaw that is unknown to the vendor, and usually to the wider security community, at the moment attackers begin exploiting it. Because no fix exists yet, affected users have nothing to apply once exploitation starts.
The term refers to the timeline: the vendor has had zero days to work on a fix at the point the flaw becomes known, whether because an attack is noticed or because a researcher discloses it. Until a patch ships, every user running the vulnerable code is exposed.
Zero-day exploits are particularly dangerous because:
- No patch exists to block the attack
- Signature-based security tools cannot detect an exploit for a flaw that nobody has characterised yet; only behavioural or anomaly-based controls stand a chance of catching it
- Attackers maintain an advantage until the vendor learns of the flaw and releases a fix
- Ordinary users cannot protect themselves through routine patching, because there is nothing to install
Cybercriminals and state-sponsored groups actively hunt for zero-days, either to use in targeted attacks or to sell through brokers and darknet markets. High-profile examples include zero-days in Windows, Google Chrome and iOS that have put millions of users worldwide at risk.
Responsible security researchers follow coordinated disclosure: they report a vulnerability privately to the vendor first and give it time to develop a patch before publishing details. Many vendors run bug bounty programmes that pay researchers who find and report flaws this way.
To reduce risk, keep software and operating systems updated, use reputable endpoint protection, disable features you do not need so there is less attack surface, and treat unexpected links and attachments with suspicion. None of this can fully protect against a flaw nobody knows about, but it limits exposure to both zero-day and known vulnerabilities and closes the window quickly once a fix exists. Organisations should monitor vendor advisories and exploited-vulnerability catalogues closely and apply patches promptly once they become available; until a patch exists, vendor workarounds and restricting access to the affected component are the fallback.
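The following is an added example, not code from the original page, showing the advisory-matching step that the advice above describes: an installed-software inventory is compared against a list of advisories, each install is flagged as either needing a patch or, for an advisory with no fixed version yet (the zero-day case), as needing a workaround. The product names, advisory IDs, hosts and version numbers are all constructed for the example; the `Advisory` and `InstalledSoftware` classes and the `assess` function are hypothetical names chosen here.

```python
"""Match a software inventory against vulnerability advisories.

Added example; sample data below is constructed and the product names,
advisory IDs and hosts are invented.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_version(version: str) -> tuple:
    # "1.10.2" -> (1, 10, 2). Tuples compare numerically, so 1.10 > 1.9,
    # which a plain string comparison would get wrong.
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    first_affected: str            # inclusive lower bound
    fixed_version: Optional[str]   # exclusive upper bound; None = no fix shipped yet
    exploited_in_the_wild: bool


@dataclass(frozen=True)
class InstalledSoftware:
    host: str
    product: str
    version: str


def is_affected(item: InstalledSoftware, adv: Advisory) -> bool:
    if item.product != adv.product:
        return False
    installed = parse_version(item.version)
    if installed < parse_version(adv.first_affected):
        return False
    # No fixed version yet: everything from first_affected onward is exposed.
    if adv.fixed_version is None:
        return True
    return installed < parse_version(adv.fixed_version)


def assess(inventory: List[InstalledSoftware],
           advisories: List[Advisory]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, advisory_id, action) for every exposed install."""
    findings = []
    for item in inventory:
        for adv in advisories:
            if not is_affected(item, adv):
                continue
            if adv.fixed_version is None:
                action = "NO PATCH YET: apply vendor workaround, restrict exposure, monitor"
            elif adv.exploited_in_the_wild:
                action = f"PATCH NOW to {adv.fixed_version} (exploited in the wild)"
            else:
                action = f"patch to {adv.fixed_version} in the normal cycle"
            findings.append((item.host, item.product, adv.advisory_id, action))
    return findings


# Constructed sample data (hypothetical products, IDs and hosts).
SAMPLE_ADVISORIES = [
    Advisory("ADV-0001", "examplebrowser", "100.0.0", "118.0.5", exploited_in_the_wild=True),
    Advisory("ADV-0002", "examplevpn", "2.0.0", None, exploited_in_the_wild=True),  # zero-day
    Advisory("ADV-0003", "examplebrowser", "90.0.0", "95.0.0", exploited_in_the_wild=False),
]

SAMPLE_INVENTORY = [
    InstalledSoftware("ws-01", "examplebrowser", "118.0.4"),   # one build behind the fix
    InstalledSoftware("ws-02", "examplebrowser", "118.0.5"),   # already patched
    InstalledSoftware("gw-01", "examplevpn", "2.3.1"),         # exposed, no fix exists
    InstalledSoftware("gw-02", "examplevpn", "1.9.9"),         # below the affected range
]

if __name__ == "__main__":
    for host, product, adv_id, action in assess(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{host:6} {product:15} {adv_id}: {action}")
```

Running it lists ws-01 as needing the 118.0.5 update immediately and gw-01 as exposed with no patch available, which is exactly the situation where the workaround and exposure-reduction advice above applies. Real advisory feeds use richer version semantics than dotted integers, so `parse_version` would need to be replaced with a proper version library before use against real data.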
