Malicious software code that exploits a software vulnerability which hasn't yet been repaired by the manufacturer or recognised by anti-virus software is called a zero day attack. This kind of attack is particularly dangerous because until it has been detected, end users can become victims of the malicious code even whilst running anti-virus software and having the latest patches.
The worlds most often attacked software manufacturer, Microsoft, releases security updates to all its products once a month on what has become known as Patch Tuesday. Some believe that this cycle is too short, potentially leaving some zero day vulnerabilities unpatched for as long as a month. In practice however, 3rd party security companies usually beat Microsoft to protecting against these vulnerabilities.
Trusteer explains why hackers are two steps ahead of the mobile security industry and are ready to exploit vulnerabilities on Android and iOS devices when they become more widely used for on-line mobile banking applications