The term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn't been released. ... But the software vendor may fail to release a patch before hackers manage to exploit the security hole.

What makes a vulnerability a zero-day? The term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.

So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed — and perhaps already exploited by hackers.

Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.

But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.