What characterizes a 'zero-day' vulnerability?

A 'zero-day' vulnerability is characterized by being a flaw that is unknown to the vendor and has not been patched. The term "zero-day" refers to the fact that the developers have had zero days to fix the issue because they are unaware of its existence. This makes zero-day vulnerabilities particularly dangerous, as attackers may exploit these vulnerabilities before a patch is developed and released.

When a vulnerability is first discovered, the software vendor typically does not have any measures in place to address it. Consequently, it poses an immediate risk to users and systems, as exploits can be developed and utilized effectively before the software is updated. Zero-day vulnerabilities often lead to significant security breaches, raising critical concerns in cybersecurity.

In contrast, flaws known to the public but not to the vendor do not fit the definition of a zero-day, as the awareness by the public could lead to respective disclosures. Similarly, vulnerabilities that have been patched or are a result of software updates do not apply either, as a zero-day pertains precisely to those flaws that remain undeclared and without remediation.