What is defined as a zero-day exploit?

A zero-day exploit refers to a vulnerability that is actively being exploited by attackers before the software developer has had the opportunity to address it with a patch. This means that the exploit occurs "zero days" after the vulnerability is discovered, leaving users and systems unprotected until a fix can be developed and distributed. Because the exploit takes advantage of a flaw that is not yet known to the vendor or the public, it presents a significant risk; the lack of awareness means there are no immediate defenses or mitigations available.

In this context, the other choices do not describe a zero-day exploit accurately. A security patch following the discovery of a vulnerability highlights a response to such vulnerabilities but does not define the exploit itself. A type of virus that affects software does not specifically capture the essence of a zero-day exploit, as it could refer to a variety of malware that may or may not involve unknown vulnerabilities. Similarly, malware that requires user interaction does not fit the definition, as zero-day exploits can operate independently of user action, primarily targeting unpatched software systems.