A zero-day threat is a threat that exploits an “unknown computer security vulnerability.” [1]
The term “zero-day” is used to indicate that the software faces threats on the very first (or “zeroth”) day of its release.
It is also used to denote threats to software for which there is “no known security fix because developers are oblivious to the vulnerability or threat.” [1] This could be well after the “zeroth” day.
Attackers exploit zero-day vulnerabilities through different vectors. Renowned hacker groups and malicious coders anticipate these vulnerabilities, detect them as soon as the software is released, and exploit them with worms, viruses, and infected code before the software’s developers can patch them.
A zero-day threat is also known as a zero-hour attack or day-zero attack. [1]
Zero-day attacks occur within a time frame known as the vulnerability window. [1]
The vulnerability window could range from a small period to multiple years.
For instance, in 2008, Microsoft revealed an Internet Explorer vulnerability that affected a few versions of Windows released during 2001. The date on which this vulnerability was initially discovered by the attacker is unknown, but the vulnerability window in such a case might have been as much as seven years. [1]
References
1. What is a Zero-Day Threat? – Definition from Techopedia. (n.d.). Retrieved from https://www.techopedia.com/definition/27451/zero-day-threat