Zero-day Vulnerabilities - CompTIA Security+ SY0-701 - 2.3
Understanding Security Vulnerabilities and Zero-Day Attacks
Overview of Security Vulnerabilities
- Most applications and operating systems contain undiscovered security vulnerabilities that require identification and patching.
- Researchers and attackers are both actively seeking these vulnerabilities, with attackers aiming to exploit them before they are patched.
The Role of Attackers
- Attackers document a vulnerability they find in order to build attack code, and they often withhold this information from the software vendor, which is left unaware that the issue exists.
- When an attacker exploits a vulnerability for which no patch is yet available, the attack is classified as a zero-day attack.
Response to Zero-Day Attacks
- Once the security community identifies a new type of attack, there is an urgent effort to develop patches; until then, attackers can exploit the vulnerability freely.
- For tracking zero-day attacks and general vulnerabilities, resources like the Common Vulnerabilities and Exposures (CVE) website at CVE.mitre.org are recommended.
Examples of Recent Zero-Day Attacks
- In April 2023, Chrome reported a zero-day attack involving memory corruption and sandbox escape.
- In May 2023, Microsoft issued a zero-day patch for a vulnerability that allowed self-signed code to run during the UEFI boot process even when Secure Boot was enabled.