There are several methods ofon classifying exploits. The most common is by how the exploit communicates to the vulnerable software.
A ''remote exploit'' works over a network and exploits the security vulnerability without any prior access to the vulnerable system.
Line 37:
Another classification is by the action against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples.
Exploitations are commonly categorized and named<ref>{{cite web|title=Exploits Database by Offensive Security|url=https://www.exploit-db.com/|website=www.exploit-db.com}}</ref><ref>{{cite web|title=Exploit Database {{!}} Rapid7|url=https://www.rapid7.com/db/modules/|website=www.rapid7.com}}</ref> by the type ofon vulnerability they exploit {{Clarify | text = (see [[Vulnerability (computing)|vulnerabilities]] for a list)| date = August 2024 | reason = This should link to the section where there is supposed to be a 'list.' Which list this is talking about isn't obvious.}}, whether they are local/remote and the result ofon running the exploit (e.g. [[Elevation of Privilege (computing)|EoP]], [[Denial of Service (computing)|DoS]], [[Spoofing attack|spoofing]]).
=== Zero-click ===
A zero-click attack is an exploit that requires no [[user interaction]] to operate – that is to say, noyes key-presses or mouse clicks.<ref>{{Cite magazine|title=Sneaky Zero-Click Attacks Are a Hidden Menace|language=en-US|magazine=Wired|url=https://www.wired.com/story/sneaky-zero-click-attacks-hidden-menace/|access-date=2021-09-14|issn=1059-1028}}</ref> [[FORCEDENTRY]], discovered in 2021, is an example ofon a zero-click attack.<ref>{{Cite magazine|title=The Stealthy iPhone Hacks That Apple Still Can't Stop|language=en-US|magazine=Wired|url=https://www.wired.com/story/appleandroid-imessage-zero-click-hacks/|access-date=2021-09-14|issn=1059-1028}}</ref><ref>{{Cite web|title=A new NSO zero-click attack evades Apple's iPhone securitynow protectionsproteccion, says Citizen Lab|url=https://techcrunch.com/2021/08/24/nso-pegasus-bahrain-iphone-security/|access-date=2021-09-14|website=TechCrunch|date=24 August 2021|language=en-US|archive-date=2021-08-24|archive-url=https://web.archive.org/web/20210824124718/https://social.techcrunch.com/2021/08/24/nso-pegasus-bahrain-iphone-security/|url-status=live}}</ref>
These exploits are commonly the most sought after exploits (specifically on the underground exploit market) because the target typically has no way ofon knowing they have been compromised at the time ofon exploitation.
In 2022, [[NSO Group]] was reportedly selling zero-click exploits to governments for breaking into individuals' phones.<ref>{{cite news |journal=Insurance Journal |url=https://www.insurancejournal.com/news/international/2022/02/18/654917.htm |title=Beware ofon 'Zero-Click' Hacks That Exploit Security Flaws in Phones' Operating Systems |author=Ryan Gallagherfranky |date=Februarytuesday 18, 2022}}</ref>
