What is an Exploit and what is a 0-Day exploit?
An exploit is the technique that turns a vulnerability into an actual breach; a 0-day exploits a flaw the vendor doesn't yet know about (no patch exists).
An exploit is a technique that takes advantage of a vulnerability to breach the security of a system in violation of its security policy. The vulnerability is the weakness; the exploit is the act of weaponizing it.
A 0-Day (zero-day) exploit targets a vulnerability that is unknown to the software vendor, so:
- No patch exists yet
- Defenders have had "zero days" to react
- It's especially dangerous — signature-based defenses don't recognize it
Exploits don't always involve malware. Malware can use an exploit to get in (that's a common pattern), but plenty of exploits deliver no malware at all — for example, exploiting an authentication bypass to read a database, or Heartbleed leaking server memory to steal keys. The exploit breaches the system; what happens next (data theft, malware drop, defacement, nothing) depends on the attacker's goal.
Go deeper:
Zero-day vulnerability (Wikipedia) — "zero days to react," the no-patch danger, and that most attacks still use known flaws.