In itself, a zero-day exploit is just a flaw. However, this flaw in a software or hardware component can cause problems long before anyone realizes it exists. Zero-day exploits are undetectable, at least initially.
Chronology of a vulnerability
A zero-day attack occurs when this flaw, or hardware/software vulnerability, is exploited by malware before a developer has had the opportunity to create a patch to close the gap, hence the qualifier "zero-day". Let's review the steps in the vulnerability window:
- A company's developers create software but, without their knowledge, leave it vulnerable.
- An attacker spots this vulnerability before the developers do, or exploits it before the developers have had time to correct it.
- The attacker writes and deploys exploit code while the vulnerability is still present.
- Once the exploit is in circulation, it is either identified by members of the public who have fallen victim to theft of data or personal information, or flushed out by the developer, who creates a patch to plug the breach.
Once the patch is created and applied, the exploit no longer qualifies as "zero-day". These attacks are rarely identified immediately. Often, it takes not days, but months, or even years, before a developer becomes aware of a vulnerability exploited by an attack.
This article is associated with DICC, which offers ethical hacking training in Delhi.