Zero-Day Attack
(Redirected from Zero-Day Attacks)
Jump to navigation
Jump to search
A Zero-Day Attack is a software system attack that exploits a zero-day vulnerability.
- Example(s):
- Stuxnet Zero-Day Attack, which exploited multiple zero-day vulnerabilities in industrial control systems, affecting Iran's nuclear program in 2010.
- WannaCry Zero-Day Attack, a ransomware attack in 2017 that leveraged a zero-day vulnerability in Microsoft Windows' SMB protocol.
- Aurora Zero-Day Attack, a series of attacks in 2009 targeting Google and other large companies, exploiting a zero-day vulnerability in Internet Explorer.
- Flash Player Zero-Day Attack, where a zero-day vulnerability in Adobe Flash Player was used in various exploits until the software was discontinued in 2020.
- Operation Prowli Zero-Day Attack, which exploited vulnerabilities in CMS and server infrastructures to spread malware in 2018.
- an iOS Zero-Day Attack exploiting a zero-day vulnerability in Apple's iOS system, targeting users through malicious apps or code injection.
- ...
- See: Workaround, Threat (Computer), Computer Software, Vulnerability (Computing), Hacker, Exploit (Computer Security), Software Vulnerability, Patch (Computing).
References
2018
- (Wikipedia, 2018) ⇒ https://en.wikipedia.org/wiki/Zero-day_(computing) Retrieved:2018-1-11.
- A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability (including the vendor of the target software). Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network. [1] An exploit directed at a zero-day vulnerability is called a zero-day exploit, or zero-day attack. In the jargon of computer security, "Day Zero" is the day on which the interested party (presumably the vendor of the targeted system) learns of the vulnerability. Up until that day, the vulnerability is known as a zero-day vulnerability. Similarly, an exploitable bug that has been known for thirty days would be called a 30-day vulnerability. Once the vendor learns of the vulnerability, the vendor will usually create patches or advise workarounds to mitigate it. [2] The fewer the days since Day Zero, the higher the chance no fix or mitigation has been developed. Even after a fix is developed, the fewer the days since Day Zero, the higher is the probability that an attack against the afflicted software will be successful, because not every user of that software will have applied the fix. For zero-day exploits, the probability that a user has patched their bugs is of course zero, so the exploit should always succeed. [3] Zero-day attacks are a severe threat. [4]
- ↑ Compare:
- ↑ Flash Vulnerabilities Causing Problems
- ↑ About Zero Day Exploits
- ↑ THE MAN WHO FOUND STUXNET – SERGEY ULASEN IN THE SPOTLIGHT published on November 2, 2011