A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.
The curriculum vitae of a vulnerability can basically be divided into 4 time periods:
1 Seemingly safety gap-free section
2 A vulnerability is detected by someone and, if necessary, reported to the manufacturer of the program. At best, he also writes an attack program or sells this information to intelligence agencies or criminals.
3 The manufacturer develops an error correction (patch) depending on the significance of the vulnerability (only 60% – 80% of the published vulnerabilities are patched) and publishes the error correction – possibly together with the (previously unpublished) vulnerability. (Bug fixes can also contain security holes!), until the user finally installs the patch (possibly after a compatibility check).
4 Attack programs are also generated automatically from error corrections within a very short time (minutes). Thus, the update procedures of the manufacturers become serious security risks for the users.