Zero-day attacks or threats refer to attacks that exploit previously unknown software vulnerabilities. Having been found “in the wild,” that is, before security researchers and software developers become aware of them and create a fix, or patch, they pose a higher risk to users than other vulnerabilities.
In January 2013 there was a lot of news about a new vulnerability affecting Oracle’s Java. Because this was a zero-day situation, there was no patch available from Oracle at the time. The vulnerability was deemed so risky that the United States Department of Homeland Security recommended disabling Java entirely until a patch could be released.
How do you protect yourself from an “unknown” vulnerability exploit? Using security software from a vendor who has the ability to gather and analyze huge amounts of threat data, with products that can access the resulting protections instantly in the cloud, can go a long way as the malware the exploits deliver can be quickly identified and blocked.
But if you fall victim to a social engineering scheme, and haven’t kept your security software up to date with the latest version, you may be the next victim.