What’s A Zero Day and Why They’re Scary

Reconsider not updating your technology

This past week, Apple released an update to patch 2 zero day exploits.

This is a good time to explain zero day exploits and vulnerabilities. Zero days are dangerous.

There are 3 types of zero days

  • Vulnerability

  • Exploit

  • Attack

What’s a zero day vulnerability?

Zero day exploits are problems (bugs or faults) in software or hardware without a fix. These are dangerous because in a lot of cases the manufacturer of the product is unaware of the hole. Its name is zero day until there is a fix for the bug. These bugs may be unknown to anyone. This is why big tech companies have bug bounty programs. Because there’s a ton of money in making exploits, they want to make sure these vulnerabilities don’t fall into the wrong hands.

What’s a zero day exploit?

The zero day vulnerability is the problem, the exploit is the way the vulnerability is used. Someone with bad intentions will take this vulnerability and create software or a way to use the bug. Typically, they would use it to gain access to a device or install malicious software.

What’s a zero day attack?

An attack is when the bad intention-ed person uses the exploit to attack the vulnerability.

This is the scary part. Someone uses one of these vulnerabilities to attack users with the bug. The company who creates the software is unaware of the problem. This could go on for days or even months before anyone who can fix the bug knows about it. Then the company has to figure out how to fix the bug.

What does this mean for me?

As a consumer, this means you should always update as soon as possible.

For a business, you should be making sure these updates don’t cause problems in your environment and then pushing the updates as quick as you can.

This is really true for anything listed as a security update.

Updates from the creator of the product you use are the only way to stop the threat.

What are things I should be updating?

Anything you can update. This includes phone apps, operating systems, drivers (the software for components inside your computer), smart home devices, and servers. If it has software or firmware (software embedded in a device) you need to make sure it is up to date.

Are there other ways to protect me?

You can help yourself by updating as soon as possible. Also, you can help yourself by not opening emails from people you don’t know. Don’t answer phone calls or text messages from unknown numbers.

Most companies offer an auto-update function. Make sure this function is turned on.

What do I need to remember?

  • All software and hardware have bugs

  • They’re not always fixed fast

  • Update as soon as possible to mitigate risk

  • Use auto-update if you’re not a techie

3 thoughts on “What’s A Zero Day and Why They’re Scary

Leave a Reply

Your email address will not be published.