What Is A Zero-Day Attack?

The zero-day refers to the fact that a developer has just learnt about the vulnerability and has 'zero days' to fix it.

Zero-day attacks happen for many reasons, ranging from security flaws to bugs within software or firmware that are unknown to the vendor and hence have no official update.

The recent zero-day attacks have left technology giants like Apple, Google, and Microsoft rushing to fix the vulnerabilities within their systems. From advising their users to update their software to issuing warnings, the companies have been frantically looking for solutions that can minimise the effect of such adversaries.

Since the beginning of 2021, many zero-day vulnerabilities have surfaced in companies like Apple, Google and Microsoft. 



The tech giant warned its two billion Chrome users of an urgent update when an anonymous person on July 12 reported the vulnerability CVE-2021-30563. 

Google warned users of a new high-severity zero-day exploit in its widely used web browser, Chrome. It has described the vulnerability simply as a “Type Confusion in V8”, where V8 is the open-source JavaScript engine in Chrome.

The tech titan didn’t disclose any more information on security loopholes until most users were able to update their web browsers. The bug is said to affect the Windows, macOS, and Linux versions of the browser. In addition to the zero-day flaw, the new update by Google fixes seven other security vulnerabilities. 

Google was a victim of a major zero-day attack in 2010, along with 30 other companies. The attack, called Operation Aurora, was a series of cyberattacks from China that targeted U.S. private sector companies. The threat actors carried out a phishing campaign that exploited a zero-day flaw in Internet Explorer, compromising the networks of Yahoo, Adobe, Dow Chemical, Morgan Stanley, and Google, along with more than two dozen other enterprises, and stealing their business secrets.


By the end of July, Microsoft faced a zero-day horror dubbed PrintNightmare. Microsoft rushed out an emergency update to stop the vulnerability in the Windows Print Spooler service, which was being actively exploited. The zero-day security vulnerability affected all Microsoft Windows OS versions up to Windows 7.

The remote code execution bug, indexed as CVE-2021-34527, recorded a risk score of 8.2 out of ten on the Common Vulnerability Scoring System (CVSS) scale. The security gap was so severe that Microsoft decided to issue an out-of-band patch instead of releasing the fix in its regular patch release.

PrintNightmare was considered extremely dangerous for two main reasons. Firstly, the Print Spooler service is enabled by default on all Windows-based systems, including domain controllers and computers with system admin privileges.

Secondly, an error between research teams led to the online publication of a proof-of-concept exploit for PrintNightmare by researchers who believed that the problem had been solved. This confusion arose from a similar vulnerability (CVE-2021-1675), which affects the Print Spooler service as well.


Apple is known for its security features, yet even the best of systems crumble under evolving cyber-attacks. With a zero-day vulnerability loose in the wild, Apple rushed to patch the security vulnerability CVE-2021-30807 with its latest update. According to Apple, CVE-2021-30807 could enable an application to execute arbitrary code with kernel privileges on vulnerable and unpatched devices. Access to kernel privileges effectively enables attackers to control a device completely, be it an iPhone, iPad, macOS notebook, or desktop.

To remediate this, Apple released the iOS 14.7.1 and iPadOS 14.7.1 updates to fix a critical zero-day vulnerability that impacts IOMobileFramebuffer. This kernel extension allows developers to control how a device’s memory handles the screen display.

Ritika Sagar
Ritika Sagar is currently pursuing PDG in Journalism from St. Xavier's, Mumbai. She is a journalist in the making who spends her time playing video games and analyzing the developments in the tech world.
