zero-day exploit


Also found in: Dictionary, Thesaurus, Legal.

zero-day exploit

A malware attack that takes place after it is discovered and before the vendor of the vulnerable software deploys a patch, typically to the OS or Web browser. When a vulnerability is discovered by a user, it may wind up on one or two blogs, and the news travels fast. If only the software vendor becomes aware of it, the tendency is to keep the problem under wraps until a patch has been created to fix it. However, in many cases, vendors announce the flaw because users can then steer clear of the infected website or be sure to avoid opening a certain email attachment. See exploit.
Mentioned in ?
References in periodicals archive ?
After their investigation, Citizen Lab were able to determine that the links would have lead to a chain of zero-day exploits which would have remotely jailbroken Mansoor's iPhone 6 and installed spyware.
Brian Krebs, Experts Warn of Zero-Day Exploit for Adobe Reader, KREBS ON SECURITY (Nov.
As can be seen on Figure 1 the most common type of APT attack is social engineering, especially by social engineered emails or in combination with zero-day exploit which is tried to exploit computer application vulnerabilities that are unknown to others or the software developer.
and written by one of the world's leading counter-terrorism expert who takes pains to present an authentic account Zero-Day Exploit is a cyber-terrorist saga reflecting the cutting edge of the 21st century.
The researchers were able to direct a device to visit a malicious website that could then download a piece of malware or make use of a zero-day exploit to hijack or further take control of the device.
The assumption behind this tactic was simple: if Toropov tried to sell a zero-day exploit to Hacking Team, it was highly probable that he did the same with other spyware vendors.
The company had given hackers till October 31 to come up with a zero-day exploit of the iOS 9 OS.
Two Taidoor-related zero-day exploit attacks targeting CVE-2014-1761 hit government agencies and an educational institution in Taiwan.
According to CNET, the zero-day exploit allows attackers to install malware on your computer without one's permission, and that could be used to hack personal information or gain control of the computer.
Once the attackers developed a zero-day exploit, the next hurdle would be to get it past a firewall.
An Inexsmar campaign launched in July appeared to make significant strides in the standard attack carried out by DarkHotel, including using social engineering techniques to deliver the malicious payload to a target rather than the typical zero-day exploit approach the malware typically utilizes.
Its exploit for CVE-2017-0262 was distributed in a decoy document about President Donald Trump's decision to launch an attack in Syria last month and was chained with another zero-day exploit for a Windows privilege escalation vulnerability (CVE-2017-0263) that was also patched Tuesday.

Full browser ?