What characterizes a zero-day vulnerability?

A zero-day vulnerability is specifically characterized as a flaw that is unknown to the vendor or the software developer at the time it is discovered by attackers. This means that no official patch or fix exists to protect against exploitation of the vulnerability, which can pose significant risks as cybercriminals may exploit it before the vendor becomes aware and can address the issue.

The term "zero-day" refers to the number of days that the vendor has had to fix the flaw; in this case, it is zero days. When such vulnerabilities are discovered, they can have severe implications for users, as there are no immediate defenses available. Developers only begin to work on a fix once they are made aware of the vulnerability, and until then, users are left potentially exposed.

Other choices refer to vulnerabilities that are known and for which a patch has either been developed or is available, indicating that they do not fall under the zero-day category.