What are zero-day exploits characterized by?

Prepare for the Security Analyst Incident Response Exam. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Zero-day exploits are characterized by the fact that they take advantage of security vulnerabilities that are not yet known to the software vendor or the general public. Because the vendor and the public are unaware of these vulnerabilities, no patches are available to mitigate the risks they pose. This lack of awareness allows attackers to exploit these vulnerabilities before they can be addressed, hence the term "zero-day," which refers to the vulnerability being exploited from the moment it is discovered until a patch or fix is created and applied.

This concept is critical in cybersecurity, as the window of opportunity for malicious actors can be significant when a vulnerability is unknown. In contrast, vulnerabilities that are detectable and have patches available (as suggested in other choices) do not fit the characteristics of zero-day exploits, since they can be resolved and are typically documented and known to the security community. Additionally, weaknesses that can be easily fixed or have been common knowledge for years also do not align with the definition of a zero-day exploit, which is inherently defined by its secrecy and the absence of solutions at the time of exploitation.
