What is a zero-day vulnerability?

Boost your confidence for the CySA+ Certification Exam. Study with interactive questions, hints, and detailed explanations. Prepare effectively and master cybersecurity analysis skills!

A zero-day vulnerability refers to a security flaw that is not known to the software vendor, meaning that there is no patch available to fix it. This kind of vulnerability is particularly dangerous because attackers can exploit it before the vendor has had an opportunity to address the issue. The term "zero-day" indicates that the vendor has had zero days to remedy the flaw since becoming aware of it.

When a zero-day vulnerability is discovered, it represents a critical risk until a patch or mitigation strategy is established. Thus, the essence of zero-day vulnerabilities lies in the combination of being both unknown to the developers and unprotected against exploitation.

In contrast, the other options depict scenarios that do not align with the definition of a zero-day vulnerability. A flaw that has been patched and is no longer an issue cannot qualify as a zero-day because it is already addressed and the risk is mitigated. Similarly, neither a vulnerability that has been known to the public for over a year nor a security risk found only in older software versions has the characteristics of a zero-day, as both imply knowledge and possible mitigation measures.
