Posted by : Sivapriya Wednesday 4 November 2015

A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware which can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves NO opportunity for detection... at first.


Vulnerability Timeline :
A zero-day attack happens once that flaw, or software/hardware vulnerability is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence “zero-day.” 
Let’s break down the steps of the window of vulnerability:

  1. A company’s developers create software, but unbeknownst to them, it includes a vulnerability
  2. The threat actor spots that vulnerability either before the developer does, or acts on it before the developer has a chance to fix it
  3. The attacker writes and implements exploit code while the vulnerability is still open and available
  4. After releasing the exploit, either the public recognizes it in the form of identity or information theft, or the developer catches it and creates a patch to staunch the cyber bleeding.

Once a patch is written and used, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes not just days, but months, and sometimes years before a developer learns of the vulnerability that led to an attack.

Read more ..

Leave a Reply

Subscribe to Posts | Subscribe to Comments


widget

Pageviews

Cloud Label

Blogumulus by Roy Tanck and Amanda Fazani

Blog Archive

- Copyright © 2013 Redback IT Academy -- Powered by Redback - Designed by @ Redback Studio -