Wikipedia defines '0 Day Vulnerability', AKA: Zero Day Attack(s) as:
A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously
unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of
awareness of the vulnerability. This means that the developers have had zero days to address and patch
the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are
used or shared by attackers before the developer of the target software knows about the vulnerability.
Practically speaking, these vulnerabilities are bound to exist in any software or website. The important factor is getting this crucial knowledge to a team of professionals who can properly analyze the website for the aforementioned exploits and fix them once discovered.
This is exactly why online companies go through the painstaking process of hiring vulnerability experts who could help the company to release a post launch patch. For instance, take the example of your favorite browser. The developers are always releasing "Updates" every now and then. Why is that so?
The updates are necessary because they are supposed to patch the unknown vulnerabilities, which were not detected at the time of releasing the browser version, and sealing them for good. New vulnerabilities are always being discovered as new technologies and usability updates are applied to help improve the overall quality process, which essentially means that security fixes need to be cognizant of past vulnerabilities while taking steps to ensure maximum safety in the future.
In some scenarios, it is literally impossible to discover all of the vulnerabilities at any given time. Even if every security protocol was adhered to at the time of launch, it's still possible for hackers or individuals knowledgeable in the various types of security exploits to take advantage of something left behind in the code by a developer. In this case, the company has to contact its online security providers to institutionalize:
- Virtual LAN access to remove the content of individual transmissions
- Deployment of said intrusion detection or an immediate implementation of firewall
- Introduction of Network Access Control to prevent rogue machines from breaching the website
- Lockdown of access points until the issue has been fully resolved
'0 Day Vulnerabilities' are commonly present in CMS scripts such as WordPress, Joomla, Drupal and even plain HTML. They are also found in huge abundance when it comes to modern day website plugins. Taking the example of WordPress, Defencely recently culled a possible online attack by detecting and reporting a security flaw in a popular WordPress plugin, which was likely to infect more than 50,000 websites due to an "unknown" vulnerability.