In the old days, "zero-days" were associated with attacks against unknown vulnerabilities. Now, the term is much more often used to describe a vulnerability that is widely known and doesn't yet have a patch available. It is worth keeping this distinction in mind because the threat can be much different — in the first case, it is imminent, and in the second case it may be low (obviously, this varies significantly). In addition, the protection capabilities can be very different, with deterministic signatures vs. behavioral/heuristic analysis.
I have taken to calling the first case vulnerabilities "undercover vulnerabilities" since they are not well-known and being actively exploited – in my mind, the worst-case scenario for security professionals.
Exploiting Undercover Vulnerabilities
For a while now, I have been tracking “undercover vulnerabilities” and exploits. These exploits are a subset of zero day (0day) exploits – while zero day attacks are focused on vulnerabilities that don’t have patches, the undercover exploit is focused …