In modern parlance the length of time indicates how long the hack has been publicly known or, alternatively, how long a fix has been available to counter the hack. So, for example, when someone successfully uses a two-year hack it means the system they are attacking is not updated. If you use a two-week hack you can attack a lot of systems which only update once a month or so. A one-day hack is quite recent and only a few systems are upgraded to counter it. But a zero-day hack is a hack that has not yet been publicly known and for which no updates have been made to counter it. So you would expect it to always work.
It’s the number of days that the problem has been revealed outside of the hackers who found it.
For example, if Home Depot sold a door lock, but it had a problem where you could stick a magnet on it and it would unlock the door, then that would be a hack burglars could use to break into anyone’s house who used that lock.
If Home Depot discovers this problem before the burglars do, they could publicly announce it and tell everyone who owns that lock to get it fixed. Then it’s a race between home owners to fix their locks before burglars use the hack to break into their homes.
The more days that pass between the public announcement and a burglar trying to hack someone’s lock, the more likely it is that the home owner has already fixed the lock.
So a “one-day” would be a burglar trying to hack a lock one day after Home Depot announced the problem, and a burglar might have a decent chance of breaking in if they picked a lazy or slow home owner’s home. A “30-day” would be a lot less likely for the burglar to succeed, since most home owners would have hopefully fixed their lock by then.
A “zero-day” would be if the burglars found out first before Home Depot did. Then any burglar who knows about the hack could break into the home of anyone who owns that lock, since no one would have fixed it.
When a vulnerability is found by a hacker he normally follows a responsible disclosure protocol.
The vendor is informed, time is given to create a patch/update/inform customers, and additional time for all affected users to upgrade their systems. Only then are full details about the vulnerability released, and often after that time the vulnerability is widely used to attack systems. (As now other people also have knowledge about the details to create exploits.)
When the details of the vulnerability, or an exploit, are immediately released, there has been no time (zero days) to remediate the issue. As nobody is fully protected, these zero days are extremely disruptive.
More generally, the term zero day is also used for recent vulnerabilities for which there is no patch available (yet).
Like you’re 5:
Imagine you’re on the playground as a kid, and somewhere behind a fence there is a picnic table with a bucket of candy on it.
A kid or two (these would be your hackers) discover that there is a small hole in the fence hidden in a tree-line.
Before anyone notices that candy has started to disappear from the bucket, the kids are essentially free to come and go as they please, as not only does no one know that the candy is being taken, but no one has a reason to suspect it might be, because there is a working fence around it.
These candy-filled days prior to the trip to the principal's office are your “Zero Days”.
Naturally this becomes much more severe when the candy is sensitive data or even finances.
0 days refers to the amount of time the public has been aware of the vulnerability.
Most hackers exploit vulnerabilities that have been known about for a long time. They target devices and servers which haven’t been updated in a while.
A zero day attack means nobody has any warning, nobody has developed a fix, no one has released a fix, and every device is vulnerable.
A traditional attack would be like picking the lock. We know locks can be picked, and some are made to be pick resistant.
If you discovered a new way to get past locks using, say, liquid nitrogen, that no one had ever considered, it would be similar to a zero day attack.
Some of these replies really don’t make sense. People are distinguishing between an “attacker” and a “researcher”; that doesn’t matter…
A zero day is a vulnerability found in a platform/framework/code… that has never been found/exploited by another person and which remained unknown to the developers until… the 0day vulnerability was found and reported/patched.
Anyone can find a 0day; the difference between attacker and researcher solely matters with regards to the goal of leveraging the exploit. If you decide not to abide by the ethical code, and not report the 0day to the developers and exploit it for your own benefit OR sell the 0day to other malicious actors, you would be regarded as an attacker/blackhat.
Whereas a security researcher who abides by the moral code and finds the vulnerability (legally) by using a bug bounty platform/private host in a VM of the software/by abiding by the responsible disclosure policy etc… and reports the vulnerability to the developers, works with them to patch it and, once patched/approved by the developers, makes his research public (this is where it’s no longer a 0day) and files for a CVE at Mitre (a CVE is a code that identifies the 0day vulnerability in a database along with the report and usually the researcher’s name) (Mitre is the organisation maintaining this database).
So tldr: a 0day is a weakness in code that has never been found/exploited publicly before.
For your own entertainment, these were all CVEs and thus 0days found with the keyword “Reddit”:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Reddit
There are a number of resources by which the security community tracks and notifies people of exploits (Bugtraq was the big one in my day) so they can patch their software or otherwise defend against them. A zero-day exploit is one that is so new (as in, discovered the day it is used) that it hasn’t been disseminated through these resources and thus there is no patch against it yet.