Zero Day Exploit Csec 620

Introduction

Zero-day vulnerability can be described as a flaw in computer software that is previously unknown which exposes the computer program in question to manipulation by external entities. Many programs, for instance Adobe products, Microsoft products, and Apple products, have been found to have zero-day vulnerabilities. These vulnerabilities have also appeared in computer programs running key infrastructure installations, such as transportation systems and power plants. The main difference between zero-day vulnerabilities from other vulnerabilities, which is what makes them valuable, is the fact that they are unknown to both the makers of the software as well as the users of the software. An external entity who discovers the zero-day vulnerability can exploit the vulnerability from the “zeroth” day after discovering it, until the maker of the software or the users of the softwares discover it and fix the vulnerability (Ablon & Andrea, 2014).

Zero-day vulnerabilities are different from other mainstream cyber tools in that they are just information. Zero day vulnerabilities are bits of information that if you do Y in a software system, then X happens. In dealing with Zero-day exploits, a varying range of functionality and complexity is involved. Zero-day vulnerabilities enable access to software programs, enable monitoring of computer programs, enable extracting of information from software programs, and ultimately, can enable an entity to damage a computer program (Bansak, 2014).

The value of Zero-day vulnerabilities has led to a covert trade in the vulnerabilities. The Zero-day vulnerabilities are traded in three markets. These three markets include the “white market” where vulnerabilities are sold between software vendors and third-party clearing houses and hunters of the zero-day vulnerabilities. Buyers and sellers who have criminal intent operate another type of market called the “black market”. The other market is the “gray market” where sales of...