What do 'zero-day vulnerabilities' refer to?

Zero-day vulnerabilities are security flaws that are exploited by attackers before the software developers have had the opportunity to patch them. The term "zero-day" refers to the fact that the developers have had zero days to fix the issue since it became known. This type of vulnerability is particularly dangerous because it can be exploited in the wild, meaning that attackers can leverage these flaws before the public or the software company is even aware of their existence.

For instance, if an attacker identifies a vulnerability in a popular software application and begins to exploit it right away, that is a zero-day attack. Since the developers are not yet aware of the vulnerability, they cannot provide a fix, leaving users of the affected software at risk until a patch is released and applied.

The other choices are related to security and vulnerabilities but do not correctly capture the definition of zero-day vulnerabilities. For example, known vulnerabilities that have been patched do not fall under the zero-day category, because these flaws are recognized and solutions have been provided. Similarly, system flaws affecting only mobile devices or vulnerabilities discovered after a software update do not define the zero-day concept as they reference different scenarios of vulnerability management.