Security vulnerabilities can be found in any software product, leaving users open to attacks. Responsible software vendors, when aware of the problem, create and issue patches to address the problem.
There are companies that pay researchers or ethical hackers for new vulnerabilities. There are also hackers that sell new vulnerabilities on the black market. These zero-day attacks refer to exploiting vulnerabilities before a patch is available.
To reduce vulnerabilities, you should run the latest available patches on your operating system and any installed applications. (See Exploit, Patches)