A zero-day exploit uses which type of vulnerability?

A zero-day exploit specifically targets vulnerabilities that are unknown to the vendor or have not been publicly disclosed. This means that while cybercriminals are aware of the vulnerability and can exploit it, the vendor has not yet had the opportunity to develop a security patch or provide any official recognition of the issue. This type of vulnerability is particularly dangerous because there are no defenses in place; the vendor hasn't released any fixes or mitigations, leaving systems exposed to attacks.

Selecting this choice illustrates an understanding of the term "zero-day," which refers to the fact that once the exploit is utilized, the vendor has "zero days" to address the issue before it becomes a significant threat. The distinction is critical in cybersecurity, as defenses typically revolve around known vulnerabilities that can be patched or mitigated. Thus, addressing vulnerabilities that have not been disclosed to the vendor aligns precisely with the nature of zero-day exploits.