Google reveals 'BuggyCow,' a rare macOS zero-day vulnerability
wired.comPrevious discussion: https://news.ycombinator.com/item?id=19298515
God damn it Wired, not every security bug is a zero day. The bug was discovered 94 days ago. 0≠94
Zero-day is when a new virus exploits a previously unknown vulnerability. There is no virus, and the vulnerability has been known about for over three months. There is no justification for calling this "zero day" except to beg for clicks and sound cool.
Zero-day is most generally used in security to mean a bug that is released without a patch. This is a zero day.
Day Zero is the day that the developers learn about the vulnerability. If that day is the same as the day that the public learns of it, or the day that an attack occurs, then we call it a "zero day vulnerability". We are currently on 94 days since Apple was informed of the bug, making this a 94-day vulnerability.
There are probably three or four different definitions for "zero-day vulnerability" that many people regularly use. I'd say just roll with it.
I did not think that there had to be code exploiting a zero day vulnerability in order to be "zero day".
Mark my words. "Zero day" will become the new term for a vulnerability in mainstream media and eventually the community will adopt the new meaning. Just remember what happened to "hacker."