nordpass logo

What Is a Zero-Day Vulnerability?

Egle Grasys
Content Writer

A zero-day vulnerability is a weakness in software that has been discovered by a hacker but is still unknown to the developer. It’s called “zero-day” because once a hacker detects the vulnerability, the software vendor essentially has “zero time” to patch it before it’s exploited. 2021 brought a record number of these attacks. Here’s everything you need to know.

Components of a zero-day attack

To explain the level of danger and urgency related to a zero-day vulnerability, we must introduce three concepts:

  • Vulnerability. Vulnerability refers to the flaw in software that has been discovered by a hacker but is still unknown to the software developer.
  • Exploit. An exploit is the hacking instrument (such as malware) developed by the hacker to be used in the attack.
  • Attacks. The attack is the culmination of the zero-day vulnerability: it is when the zero-day exploit is used to take advantage of the zero-day vulnerability. This is when the damage (such as data theft or encryption) occurs.

Generally, developers only learn of the zero-day vulnerability once the attack has been carried out. Sometimes, hackers can be so subtle that it can take months for anybody to notice their attacks. After that, it can take weeks or even months for developers to get to the bottom of the attack and develop a security patch. This is precisely why zero-day vulnerabilities are so dangerous and why they must be taken seriously by both developers and users.

What causes a zero-day vulnerability?

Zero-day vulnerabilities can stem from software bugs, weak passwords, or lack of authorization and encryption. It might seem reckless on the software developer’s part that such flaws exist in the first place, but sometimes even the best and brightest companies (companies like Google or Zoom) are faced with zero-day attacks.

No matter how professional the developers are at these companies, they’re still human, and they’re bound to make mistakes (especially considering the millions of lines of code that make up such complicated software like Google).

Knowing this, developers are constantly on the lookout for vulnerabilities they may have accidentally left behind. If they find one, they quickly develop a patch and release it as a software update. However, if a hacker finds a bug before the developers do, it instantly becomes a zero-day vulnerability.

How does a zero-day attack work?

As soon as a hacker discovers a zero-day vulnerability, they can start developing exploit code, which is later used to perform the zero-day attack. For example, the hacker may develop special malware that will allow them to hack into the vulnerable software. Once the malware is developed, they need to get users to download it onto their devices. They can do this by employing phishing schemes (a digital form of social engineering).

As soon as the user is fooled into downloading the zero-day malware onto their device, the attack occurs and can result in stolen data, blocked systems, or even identity theft.

Why do cybercriminals carry out zero-day attacks?

Why would hackers go through the trouble of searching for a zero-day vulnerability (especially since they might not find anything), developing the exploit code, and then spending loads of time thinking of a way to use the exploit on a given system? Sadly, there are many possible reasons. Here are some of the primary motivators behind zero-day attacks:

  • Money. The potential profit for hackers associated with stolen user data can be huge.
  • Activism. Some hackers seek to raise awareness of a particular cause, and big cyber attacks usually get media attention.
  • Espionage. Government databases may get hacked by other countries seeking to gain classified information.

There’s lots to gain from carrying out a zero-day attack, so we shouldn’t expect the volume of these attacks to go down any time soon.

Who are the victims of zero-day exploits?

The truth is any individual or institution can become a victim of a zero-day attack. Potential targets include:

  • Average internet users
  • Corporations
  • Governments

As an individual, your susceptibility to zero-day attacks greatly depends on how you behave online and the companies you trust to process your data. The following section explains how you can protect yourself.

Protection against zero-day threats

While zero-day vulnerabilities may be impossible to avoid completely, you can take several steps to reduce the risk of an attack, such as:

  • Updating software. Software updates often include security patches for bugs discovered either by developers or by hackers.
  • Being cautious of phishing. Phishing is one of the main ways exploits make their way into a system, so be careful not to click on any suspicious links.
  • Reducing the number of applications you use. The more software you use, the more likely you are to run into a zero-day attack. It’s best to use a limited number of applications and ensure they don’t have access to too much of your data.
  • Using a firewall and antivirus software. These tools will create a barrier between your device and any outsiders attempting to perform a zero-day attack.

Examples of zero-day attacks

As mentioned previously, zero-day attacks can happen to even the most prominent and seemingly secure companies. Here are some of the most well-known recent zero-day attacks:

  • Log4j (2021). Log4j is a logging software used by Cisco, Amazon, Atlassian, and many other prominent organizations. The log4j zero-day vulnerability that occurred in 2021 put the security of countless users in jeopardy.
  • Chrome (2021). Chrome had several zero-day hacks in 2021, which all happened because of a flaw in JavaScript.
  • Zoom (2020). When Zoom began gaining popularity at the start of the pandemic, hackers discovered a zero-day vulnerability that affected Windows 7 users.


Zero-day vulnerabilities and attacks seem to be something the modern internet user must get used to. The reasons for such attacks and the levels of danger associated with them may vary, but it’s clear that companies and individuals must be alert. Updating your software regularly and installing the necessary security tools are some of the best things you can do to safeguard your data against zero-day exploits.

Subscribe to NordPass news