An exploit is a piece of code, a chunk of data, or a program designed to take advantage of computer system bugs or vulnerabilities. Hackers typically use exploits for malicious purposes, such as to cause unintended behavior or install malware. They usually target the so-called “CIA triad,” which stands for confidentiality, integrity, and availability. An exploit isn’t malware itself — rather, it is the method or process used by cyberattackers to infect a system or device with malware.
See also: vulnerability
Types of exploits
- Known exploits. This type of exploit is usually well-documented. That means developers can prepare for them and fix the vulnerabilities they are trying to target. Known exploits appear on the Common Vulnerabilities and Exposures (CVE) index.
- Unknown, or zero-day, exploits. These are exploits that software or antivirus developers haven’t discovered yet. Created by cybercriminals, zero-day exploits often attack on the same day. When that happens, developers and security experts have to quickly find out how the exploit works and look for ways to fix the vulnerability.
Dangers of exploits
- Unauthorized access. Exploits can allow attackers to access systems, networks, or devices, bypassing security measures.
- Data theft. Hackers can use them to steal sensitive information, such as personal, financial, and confidential business data. Then they can use these valuable details for identity theft, financial fraud, or corporate espionage.
- Malware infection. Exploits can deliver malware to the targeted system so that the attackers can steal data or create backdoors for future attacks.