Exploits are objects or methods that take advantage of a flaw in a program to make it behave unexpectedly. Doing so creates conditions that an attacker can use to perform other harmful actions.
An exploit can be either an object or a method. For example, a specially crafted program, a piece of code or a string of characters are all objects; a specific sequence of commands is a method.
An exploit is used to take advantage of a flaw or loophole (also known as a vulnerability) in a program. Because every program is different, each exploit has to be carefully tailored to that specific program.
There are several ways for an attacker to deliver an exploit so that it can affect a computer or device:
- Embedding it in a hacked or specially crafted program – when you install and launch the program, the exploit is launched
- Embedding it in a document attached to an email – when you open the attachment, the exploit is launched
- Hosting it on a hacked or harmful website – when you visit the site, the exploit is launched
Launching the exploit causes the program to behave unexpectedly, such as forcing it to crash, or tampering with the system’s storage or memory. This can create conditions that allow an attacker to perform other harmful actions, such as stealing data or gaining access to restricted sections of the operating system.