Zero Day Exploit

A zero-day exploit is a type of computer attack that exploits a software vulnerability before that vulnerability is known to the public or the software's developer. Zero-day exploits are very valuable to hackers and cybercriminals because they are unknown — all systems running the affected software are vulnerable, so the attack is likely to succeed. The term "zero-day" refers to the idea that the developer has had zero days between learning of the vulnerability and the attack occurring.

After hackers discover a new vulnerability, they create a virus or piece of malware to exploit it. The exact methods depend on the nature of the security hole — some exploits can attack a vulnerable web browser when it loads a specific webpage, while others require a social engineering attack to trick someone into installing a trojan horse on a vulnerable computer. Once a hacker has access to a system, they can install additional malware, steal valuable data, or disrupt a service that the system provides. Since the exploit is unknown to its victims, a hacker who can cover their tracks can often maintain this unauthorized access for some time completely undetected.

Hackers who discover a new vulnerability may often choose to exploit it themselves or sell the details to other hackers and cybercrime groups on the black market. On the other hand, white-hat hackers who find a new vulnerability often report it to the software vendor for a bug bounty.

Software developers can only issue a hotfix to patch a security hole after the zero-day exploit is publicly known. Antivirus software definitions will also only be updated to catch exploits after they've been revealed. It's wise to maintain frequent data backups in case a zero-day exploit is used to attack your computer and modify or delete your data, and to make sure that you regularly install security patches as they are issued to close security holes as soon as possible.

Updated October 12, 2023 by Brian P.

quizTest Your Knowledge

Which of the following Java technologies is a type of API?

JavaServer Faces
Java Virtual Machine
Java Enterprise Edition
Java Runtime Environment
Correct! Incorrect!     View the JSF definition.
More Quizzes →

The Tech Terms Computer Dictionary

The definition of Zero Day Exploit on this page is an original definition written by the team. If you would like to reference this page or cite this definition, please use the green citation links above.

The goal of is to explain computer terminology in a way that is easy to understand. We strive for simplicity and accuracy with every definition we publish. If you have feedback about this definition or would like to suggest a new technical term, please contact us.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe or change your frequency setting at any time using the links available in each email.

Questions? Please contact us.