Zero-Day Vulnerability

Zero-Day Vulnerability :

A "zero-day vulnerability" is like a secret door in a computer program or software that nobody knows about until hackers use it. It's called "zero-day" because developers have had zero days to fix it since they didn't know it existed. It's a surprise weakness that bad actors can exploit before it's even discovered by those who make the software.

Example Of A Recent Zero-Day Vulnerability:

Microsoft has recently released updates to fix two severe problems in some of their software, like Skype, Teams, and their Edge web browser. These problems are called "zero-day vulnerabilities" because they were discovered unexpectedly, and developers had no time to fix them in advance.

These issues were found in two widely used programs, webp and libvpx, used in many apps, browsers, and phones to handle images and videos. Because these problems were actively used to spy on people, tech companies, phone makers, and app developers hurried to update their software to protect users.

Microsoft has now fixed these issues in their products. They also admitted that these vulnerabilities were being actively used to attack people's computers and devices.

However, Microsoft did not say whether these problems were used to target their products specifically or if they even knew for sure.

In September, researchers at Citizen Lab found evidence that a spyware company called NSO Group was using a similar vulnerability to hack into fully updated iPhones.

Read the full article here: https://techcrunch.com/2023/10/04/microsoft-wont-say-if-its-products-were-exploited-by-spyware-zero-days/