A large amount of tech coverage has recently been devoted to zero-day vulnerabilities and attacks and the industry’s widespread attempts to stop them.
The average Internet user has never encountered the term “zero-day attack” but it’s one that we are going to hear more about in future. A zero-day attack occurs when a hacker exploits a software flaw that is unknown to the developer. Techopedia’s Cory Janssen explains that this type of flaw is dangerous because “there is no known security fix [as] developers are unaware of the vulnerability or threat.” These threats are called “zero-day” because they occur on or before the day that a vendor becomes aware of the bug.
Zero-day attacks have long been a concern for software developers, but they have only recently received widespread attention due to a string of high-profile events. In July, leaked documents revealed multiple zero-day exploits in Shockwave Flash. From The Post-Standard: “Once the details were made public, it left anyone using Flash open to cyberattacks.” According to TechRepublic, the result was an eye-opening race, that revealed hackers were able to create malware to exploit the flaws a full day before developers could patch them. Since then, zero-day attacks against a wide variety of developers have dominated the headlines.
The insidious nature of zero-day attacks is alarming, but developers have systems in place to combat them. An exciting example: bug bounty programs, which give monetary rewards to members of the general public who discover software bugs. The tech industry has long used bug bounty programs to incentivize hackers to uncover and report security flaws. Infosecurity Magazine reports that United Airlines has also adopted this strategy and has already “awarded millions of frequent flier miles to white-hats.”
For end-users, the best way to stay safe is to keep your software updated. Frequently check for updates to your browser and select “auto-update” wherever possible so that your device always has the latest security patches.