32

There are several attack types in computer security. For instance, zero-day attacks consist of attacks that use undisclosed exploits. In contrast, what is an n-day attack? Is it a security concern?

Peter Mortensen
Vijini
    They're referring to the number of days since the patch was released. If Adobe release a patch for Flash, then 3 days later evilhacker.com has figured out an exploit, they can launch 3-day attacks. If mybank.com takes 14 days to apply the patch then this would be a concern. – paj28 May 19 '15 at 13:38

1 Answer

47

A zero-day attack is an attack that relies on an undisclosed vulnerability in the design or implementation of a system in order to violate its security.

Most commonly, such attacks consist of using zero-day exploits to access information systems or execute code on privileged systems. Such exploits are called 'zero-day' because security administrators have had no time to mitigate them between the moment they were disclosed and the moment they are used to perform attacks.

In contrast, the typical responsible disclosure procedure involves privately contacting software vendors and exposing the vulnerability to them, and leaving them reasonable amounts of time to fix the vulnerability and distribute the fix to their clients and users. This process can require coordination between multiple software vendors and distributors so that they all release and distribute fixes or patches on the same day. Indeed, releasing a fix helps attackers understand the existence of a vulnerability in the first place, and teaches them how to attack the systems that have not been patched yet.

This is where 1-day or n-day exploits kick in: now that vendors have admitted to a fault and started repairing it publicly, attackers can write exploits that target those systems that were not yet updated since the time of disclosure. The term 1-day or n-day indicates that a delay of 1 or more days / n days has occurred between the time of disclosure and the time a system is attacked. The goal of vendors, distributors and administrators is then to patch systems as quickly as possible to avoid n-day attacks.

Steve Dodier-Lazaro