Ver:
Son aquellas vulnerabilidades en sistemas o programas informáticos que son conocidas por determinados atacantes pero no lo son por los fabricantes o por los usuarios. Son las más peligrosas ya que un atacante puede explotarlas sin que el usuario sea consciente de que es vulnerable.
http://www.inteco.es/glossary/Formacion/Glosario/
Aprovechamiento de una vulnerabilidad inmediatamente después de haber sido descubierta. Se beneficia del lapso de tiempo requerido por los fabricantes para reparar las vulnerabilidades reportadas.
A zero-day exploit
is one that takes advantage of a security vulnerability on the same day that
the vulnerability becomes generally known. Ordinarily, after someone detects
that a software program contains a potential exposure to exploitation by a
hacker, that person or company can notify the software company and sometimes
the world at large so that action can be taken to repair the exposure or defend
against its exploitation. Given time, the software company can repair and
distribute a fix to users. Even if potential hackers also learn of the
vulnerability, it may take them some time to exploit it; meanwhile, the fix can
hopefully become available first.
http://searchsoftwarequality.techtarget.com/glossary/
The "Day
Zero" or "Zero Day" is the day a new vulnerability is made know.
In some cases, a "zero day" exploit is refered to an exploit for
which no patch is available yet. ("day one"-> day at which the
patch is made available).
http://www.sans.org/security-resources/glossary-of-terms/
Malware designed
to exploit a newly discovered security hole unknown to the software developer.
"Zero-day" refers to the amount of time a developer has between
learning of a security hole and the time it becomes public or when black hat hackers find out about it and try
to use the security hole for nefarious purposes.
http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas
Temas relacionados