Malware: What is the difference between ‘zero day’ and ‘zero click’

With the increasing reliance on electronic devices, it is also common for groups of cybercriminals to focus on discovering vulnerabilities that they can exploit without the knowledge of the user, companies and cybersecurity organizations.

It is common knowledge in the computer world that no system is vulnerable. Basically, everything can be hacked one way or another, however, there are times when the user is very responsible for being hacked.When we talk about malware, it is very common to hear concepts like “zero day” and “zero click”. The first refers to the knowledge of the investigator or the manufacturer about the vulnerability, and the second about the ease of implementation without the participation of the victim.

What is zero day?

The zero-day vulnerability is an unknown vulnerability, so cybercriminals can exploit it without the manufacturer’s reaction to solve it.

The danger of the zero-day vulnerability is that if there is already a zero-day vulnerability, you have to work yourself to protect your device and wait for a security patch that fixes the flaw (when discovered). Fortunately, not all zero-day vulnerabilities have software to exploit.

Security researchers usually reveal software vulnerabilities to manufacturers before they are announced so that they can release a patch to fix the flaw.

What is zero click?

It is not necessarily related to “zero-day”, i.e. a vulnerability regardless of its type can be “zero click”. Although it is more complex and more dangerous.As the name suggests, this vulnerability does not require the user to click on any malicious file for their device to become infected. For example, if you install a malware-laden APK file from a third-party app store, this is not a zero-clicks vulnerability as it requires user input.

In short, zero click is a loophole in something that has not been discovered before, and it is the most powerful type of attack because it is anonymous and through which any device can be controlled and hacked without the need for pressure or user interaction with it.

The term “zero click” is also used in SEO and content marketing, but it’s something completely different.