As we at DocuPhase take the appropriate steps to protect ourselves from the current highly talked about zero-day vulnerabilities (Internet Explorer and iTunes Zero-day exploit), it reminded us that not everyone is aware or knows what zero-day vulnerabilities are.
A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. The term “zero-day” refers to a newly discovered software vulnerability that the developers have “zero-days” to fix the problem.
Zero-day vulnerabilities have the potential to be exploited by cyber-criminals. As these cyber-criminals find or learn about the vulnerabilities, they write code to target specific security weaknesses and create malware called zero-day exploits. This malware then exploits the vulnerability to compromise a computer system or network to cause unintended behavior. This unintended behavior could be stealing sensitive information or data, holding your data for ransom, or spoofing your identity to continue exploiting others.
While there is no way to guarantee complete 100% security, the following are measures that can be implemented to help reduce the chance of being susceptible to zero-day attacks.
There is some good news with these latest vulnerabilities: Microsoft and Apple have recently announced and made available their patches to resolve currently known zero-day impacts inside of Internet Explorer & iTunes.