Zero-day exploit

Exploit for a vulnerability which has yet to be patched

A zero-day exploit is an attack taking advantage of a vulnerability in a piece of software or operating system, for which the developer has yet to release a patch.

When a vulnerability is discovered by malware creators, or found by researchers and disclosed without giving adequate advance notice to the developers, the flaw can be exploited by malware which can infect systems even if they are fully patched and up-to-date. In such instances malware authors often send out spam containing files using the exploit, or linking to web pages which use it, to infect and gain control of as many vulnerable systems as possible before they are patched.

The term zero-day has recently come to be applied to any threat which emerges very soon after the disclosure of a vulnerability, even when a patch has been released, as the speed of the attack means that many users will not have had time to update their software to the safe level.