A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders. Used as a verb, exploit refers to the act of successfully making such an attack.
An exploit takes advantage of a weakness in an operating system, application or any other software code, including application plug-ins or software libraries. The owners of the code typically issue a fix, or patch, in response. Users of the system or application are responsible for obtaining the patch, which can usually be downloaded from the software developer on the web, or it may be downloaded automatically by the operating system or application that needs it. Failure to install a patch for a given problem exposes the user to a computer exploit and the possibility of a security breach.
Types of computer exploits
Security exploits come in all shapes and sizes, but some techniques are used more often than others. Some of the most common web-based security vulnerabilities include SQL injection attacks, cross-site scripting and cross-site request forgery, as well as abuse of broken authentication code or security misconfigurations.
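To make the first of those concrete, here is an added example (not from the original article) of a SQL injection flaw beside its fix, written in Python against an in-memory SQLite table. The table, its two users and the lookup functions are constructed for illustration. The string-built query lets a quote character in the input end the string literal and turn the rest of the input into SQL, while the parameterized query keeps the statement fixed and binds the input as data; the regression helper is the kind of check a defender keeps in a test suite so the hardened path cannot quietly regress.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately flawed: user input is spliced into the SQL text, so a
    quote character in the input closes the literal and whatever follows is
    parsed as part of the statement."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the placeholder keeps the statement fixed and the driver
    binds the input as a value, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def injection_regression(conn: sqlite3.Connection) -> dict:
    """Defender's check: feed the textbook tautology input to both paths and
    report how many rows each returns. The hardened path must return 0."""
    crafted = "' OR '1'='1"
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, crafted)),
        "parameterized_rows": len(lookup_parameterized(conn, crafted)),
    }


if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, "alice"))  # [('alice', 'admin')]
    print(injection_regression(db))  # {'vulnerable_rows': 2, 'parameterized_rows': 0}
```

Note that the vulnerable path also breaks on ordinary names containing an apostrophe (a lookup for O'Brien raises a syntax error from the database), which is often how such flaws are first noticed in production logs; the parameterized path simply returns no rows.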
Computer exploits can be categorized in several different ways, depending on how the exploits work and what type of attacks they are able to accomplish. The most familiar type of exploit is the zero-day exploit, which takes advantage of a zero-day vulnerability. A zero-day vulnerability occurs when a piece of software -- usually an application or an operating system -- contains a critical security vulnerability of which the vendor is unaware. The vulnerability typically becomes known only when an attacker is detected exploiting it, so the vendor has had zero days to prepare a fix; hence the term zero-day exploit. Once such an exploit occurs, systems running the software remain vulnerable until the vendor releases a patch to correct the vulnerability and that patch is applied to the software.
Computer exploits can be characterized by the expected result of the attack, such as denial of service, remote code execution, privilege escalation, malware delivery or other malicious goals. Computer exploits may also be characterized by the type of vulnerability being exploited, including buffer overflow exploits, code injection or other types of input validation vulnerabilities and side-channel attacks.
How do exploits occur?
Although exploits can occur in a variety of ways, one common method is for exploits to be launched from malicious websites. The victim might visit such a site by accident, or they might be tricked into clicking on a link to the malicious site within a phishing email or a malicious advertisement.
Malicious websites used for computer exploits may be equipped with exploit packs: software toolkits that bundle malicious code targeting a range of browser vulnerabilities, served either from a site set up for the purpose or from a legitimate website that has been hacked. Such attacks usually target software coded in Java, unpatched browsers or browser plug-ins, and they are commonly used to deploy malware onto the victim's computer.
Automated exploits, such as those launched by malicious websites, are often composed of two main components: the exploit code and the shell code. The exploit code is the software that attempts to exploit a known vulnerability. The shell code is the payload of the exploit -- software designed to run once the target system has been breached. The shell code gets its name from the fact that some of these payloads open a command shell that can be used to run commands against the target system; however, not all shell code actually opens a command shell.
Famous vulnerabilities and exploits
In recent years, many high-profile exploits have been used to commit massive data breaches and malware attacks. In 2016, for example, Yahoo announced that a hack that had occurred years earlier had exposed the data of 1 billion users. The attackers gained access to users' email accounts because the passwords were protected by MD5, which is a weak and outdated hashing algorithm.
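The MD5 point deserves a concrete illustration, so here is an added Python example (not from the article, and not Yahoo's code) contrasting unsalted MD5 password storage with a salted, iterated PBKDF2-HMAC-SHA256 scheme from the standard library. The record layout, the iteration count and the audit helper are assumptions of this example. It shows why MD5 is a poor fit for password storage: it is fast, and without a salt every user who chose the same password gets the same digest, so one precomputed table breaks them all. The audit helper flags stored values that look like bare MD5 digests, which is what you would run over a credential store before planning a migration.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Cost parameter (assumed value); a high iteration count is what makes
# each guess expensive for an attacker who obtains the stored records.
DEFAULT_ITERATIONS = 600_000


def md5_unsalted(password: str) -> str:
    """Legacy scheme the article criticises: one fast hash, no salt.
    Identical passwords always produce identical digests."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, iterated hash. A fresh 16-byte random salt per user means two
    users with the same password get different records, and precomputed
    tables are useless. Record layout (assumed): algo$iters$salt$digest."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so the check itself does not leak timing information."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


_MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def looks_like_legacy_md5(stored: str) -> bool:
    """Audit helper: a bare 32-hex-character value with no scheme prefix is
    almost certainly an unsalted MD5 digest and should be migrated."""
    return bool(_MD5_RE.fullmatch(stored.lower()))


def audit_store(records: dict) -> list:
    """Return usernames whose stored credential still uses the legacy scheme."""
    return sorted(u for u, h in records.items() if looks_like_legacy_md5(h))


if __name__ == "__main__":
    # Constructed sample store: two users happened to choose the same password.
    store = {
        "alice": md5_unsalted("password"),
        "bob": md5_unsalted("password"),
        "carol": pbkdf2_hash("password"),
    }
    print(store["alice"] == store["bob"])  # True: same digest, one table cracks both
    print(audit_store(store))  # ['alice', 'bob']
    print(pbkdf2_verify("password", store["carol"]))  # True
```

In practice the migration is done lazily: keep the legacy digest, and on the user's next successful login (when the plaintext is briefly available) replace it with a PBKDF2 record, so the audit list shrinks over time without forcing a mass reset.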
One of the most well-known exploits in recent years is EternalBlue, which attacks a patched flaw in the Windows Server Message Block protocol. The exploit, which has been attributed to the National Security Agency, was made public by the Shadow Brokers group this year and later used by threat actors in the WannaCry and NotPetya ransomware attacks.
Most recently, credit-reporting firm Equifax suffered a massive data breach after attackers exploited a critical vulnerability in the Apache Struts framework, which was used in one of the company's web applications. A patch was released earlier this year for the critical flaw, which was being exploited in the wild, but Equifax did not update its web app until after the attackers were detected.