Zero-day Vulnerabilities: What They Are and How They Work

As we at DocuPhase take the appropriate steps to protect ourselves from the current highly talked about zero-day vulnerabilities (Internet Explorer and iTunes Zero-day exploit), it reminded us that not everyone is aware or knows what zero-day vulnerabilities are.

What is a Zero-Day Vulnerability?

A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw.  The term “zero-day” refers to a newly discovered software vulnerability that the developers have “zero-days” to fix the problem. 

Zero-day vulnerabilities have the potential to be exploited by cyber-criminals. As these cyber-criminals find or learn about the vulnerabilities, they write code to target specific security weaknesses and create malware called zero-day exploits. This malware then exploits the vulnerability to compromise a computer system or network to cause unintended behavior. This unintended behavior could be stealing sensitive information or data, holding your data for ransom, or spoofing your identity to continue exploiting others.

What Measures can be Taken to Avoid These Vulnerabilities?

While there is no way to guarantee complete 100% security, the following are measures that can be implemented to help reduce the chance of being susceptible to zero-day attacks.

• Keep software and security patches up to date by immediately taking software updates.
• Be proactive by checking for a solution when a zero-day vulnerability is announced.
• Consider stopping the use of the software until a solution is announced.
  • Blocking IE could disable some DocuPhase ActiveX functions (ex. ScanDox)
• Use a comprehensive security software that protects you against known and unknown threats.
• Configure security settings for your operating systems, internet browsers, and security software

There is some good news with these latest vulnerabilities: Microsoft and Apple have recently announced and made available their patches to resolve currently known zero-day impacts inside of Internet Explorer & iTunes.