See:
These are vulnerabilities in computer systems or
programs that are known to certain attackers but not
to the vendors or the users. They are the most dangerous, since an
attacker can exploit them without the user being aware of being
vulnerable.
http://www.inteco.es/glossary/Formacion/Glosario/
Exploitation of a vulnerability immediately
after it has been discovered. It takes advantage of the time lapse
vendors need to fix reported vulnerabilities.
A zero-day exploit is one
that takes advantage of a security vulnerability on the same day that the
vulnerability becomes generally known. Ordinarily, after someone detects that a
software program contains a potential exposure to exploitation by a hacker,
that person or company can notify the software company and sometimes the world
at large so that action can be taken to repair the exposure or defend against
its exploitation. Given time, the software company can repair and distribute a
fix to users. Even if potential hackers also learn of the vulnerability, it may
take them some time to exploit it; meanwhile, the fix can hopefully become
available first.
http://searchsoftwarequality.techtarget.com/glossary/
The "Day Zero" or
"Zero Day" is the day a new vulnerability is made known. In some
cases, a "zero day" exploit refers to an exploit for which no
patch is available yet. ("day one" -> day at which the patch is made
available).
http://www.sans.org/security-resources/glossary-of-terms/
Malware designed to exploit
a newly discovered security hole unknown to the software developer.
"Zero-day" refers to the amount of time a developer has between
learning of a security hole and the time it becomes public or when black hat hackers find out about it and try to use the
security hole for nefarious purposes.
http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas