A zero-day attack also referred to as Day Zero is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. The software developer must rush to resolve the weakness as soon as it is discovered in order to limit the threat to software users. The solution is called a software patch. Zero-day attacks can also be used to attack the internet of things.
A zero-day attack gets its name from the number of days the software developer has known about the problem. A zero-day attack can involve malware, adware, spyware, or unauthorized access to user information. Users can protect themselves against zero-day attacks by setting their software—including operating systems, antivirus software, and internet browsers—to update automatically and by promptly installing any recommended updates outside of regularly scheduled updates.
That being said, having updated antivirus software will not necessarily protect a user from a zero-day attack, because until the software vulnerability is publicly known, the antivirus software may not have a way to detect it. Host intrusion prevention systems also help to protect against zero-day attacks by preventing and defending against intrusions and protecting data.