Content deleted Content added
tag fv |
→top: Replace the "definition" with info from the probably over-done refs. The refs indicate a definition different from before. Tag: Disambiguation links added |
||
Line 1:
{{Short description|Compromising a computer system}}
An '''exploit''' (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a method or piece of code that takes advantage of [[Vulnerability (computer security)|vulnerabilities]] in [[software]], [[Application software|applications]], [[Computer network|networks]], [[operating systems]], or [[hardware]], typically for malicious purposes.
These vulnerabilities, essentially flaws or weaknesses in the system's defenses, allow exploits to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install malware, or steal sensitive data.
While an exploit by itself may not be a [[malware]], it serves as a vehicle for delivering malicious software by breaching [[security controls]].
Common targets for exploits include operating systems, [[web browsers]], and various applications, where hidden vulnerabilities can be exploited to compromise the integrity and [[Computer security|security]] of [[computer systems]].
Exploits can cause unintended or unanticipated behavior in computer systems, potentially leading to severe [[security breaches]].<ref>{{cite web | last = Latto | first = Nica | title = Exploits: What You Need to Know | website = Exploits: What You Need to Know | date = 2020-09-29 | url = https://www.avast.com/c-exploits | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240515153218/https://www.avast.com/c-exploits | archivedate = 2024-05-15 | url-status = live | quote = An exploit is any attack that takes advantage of vulnerabilities in applications, networks, operating systems, or hardware. Exploits usually take the form of software or code that aims to take control of computers or steal network data. }}</ref><ref>{{cite web | title = Exploit Definition | website = Malwarebytes | date = 2024-04-15 | url = https://www.malwarebytes.com/exploits | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240516063544/https://www.malwarebytes.com/exploits | archivedate = 2024-05-16 | url-status = live | quote = A computer exploit is a type of malware that takes advantage of bugs or vulnerabilities, which cybercriminals use to gain illicit access to a system. These vulnerabilities are hidden in the code of the operating system and its applications just waiting to be discovered and put to use by cybercriminals. Commonly exploited software includes the operating system itself, browsers, Microsoft Office, and third-party applications. }}</ref><ref>{{cite web | title = What Is an Exploit? | website = Cisco | date = 2023-10-06 | url = https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-exploit.html | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240531021442/https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-exploit.html | archivedate = 2024-05-31 | url-status = live | quote = An exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.}}</ref><ref>{{cite book | last = Gonzalez | first = Joaquin Jay III | last2 = Kemp | first2 = Roger L. | title = Cybersecurity: Current Writings on Threats and Protection | publisher = McFarland & Company | publication-place = Jefferson, North Carolina | date = 2019-01-25 | isbn = 978-1-4766-3541-5 | page = 241 | url = https://books.google.co.th/books?id=yyqFDwAAQBAJ&pg=PA241&lpg=PA241&dq=%22A+technique+to+breach+the+security+of+a+network+or+information+system+in+violation+of+security+policy%22&ots=J6AejpcRHx&sig=ACfU3U0EoNbNEI0_wB1oBlWWLFd1TViycQ&hl=en#v=onepage&q=%22A%20technique%20to%20breach%20the%20security%20of%20a%20network%20or%20information%20system%20in%20violation%20of%20security%20policy%22&f=false | quote = A technique to breach the security of a network or information system in violation of security policy.}}</ref><ref>{{cite web | title = OWASP Secure Coding Practices | website = OWASP Foundation | url = https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/03-appendices/05-glossary | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240106035619/https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/03-appendices/05-glossary | archivedate = 2024-01-06 | url-status = live | quote = To take advantage of a vulnerability. Typically this is an intentional action designed to compromise the software's security controls by leveraging a vulnerability.}}</ref><ref>{{cite web | title = Obtain Capabilities: Exploits, Sub-technique T1588.005 | website = MITRE ATT&CK® | date = 2020-10-15 | url = https://attack.mitre.org/techniques/T1588/005/ | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240524110426/https://attack.mitre.org/techniques/T1588/005/ | archivedate = 2024-05-24 | url-status = live | quote = Adversaries may buy, steal, or download exploits that can be used during targeting. An exploit takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer hardware or software. }}</ref>
==Classification==
| |||