Editing Exploit (computer security) (section)

== Description ==
Exploits target vulnerabilities, which are essentially flaws or weaknesses in a system's defenses.
Common targets for exploits include [[operating systems]], [[web browsers]], and various [[Application software|applications]], where hidden vulnerabilities can compromise the integrity and [[Computer security|security]] of [[computer systems]].
Exploits can cause unintended or unanticipated behavior in systems, potentially leading to severe [[security breaches]].<ref name="MWB-2024-04-15">
{{cite web | title = Exploit Definition | website = Malwarebytes | date = 2024-04-15 | url = https://www.malwarebytes.com/exploits | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240516063544/https://www.malwarebytes.com/exploits | archivedate = 2024-05-16 | url-status = live | quote = A computer exploit is a type of malware that takes advantage of bugs or vulnerabilities, which cybercriminals use to gain illicit access to a system. These vulnerabilities are hidden in the code of the operating system and its applications just waiting to be discovered and put to use by cybercriminals. Commonly exploited software includes the operating system itself, browsers, Microsoft Office, and third-party applications. }}</ref><ref name="mitre-2020-10-15">
{{cite web | title = Obtain Capabilities: Exploits, Sub-technique T1588.005 | website = MITRE ATT&CK® | date = 2020-10-15 | url = https://attack.mitre.org/techniques/T1588/005/ | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240524110426/https://attack.mitre.org/techniques/T1588/005/ | archivedate = 2024-05-24 | url-status = live | quote = Adversaries may buy, steal, or download exploits that can be used during targeting. An exploit takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer hardware or software. }}</ref>

Many exploits are designed to provide [[superuser]]-level access to a computer system.
Attackers may use multiple exploits in succession to first gain low-level access and then [[Privilege escalation|escalate privileges]] repeatedly until they reach the highest administrative level, often referred to as "root."
This technique of chaining several exploits together to perform a single attack is known as an exploit chain.

Exploits that remain unknown to everyone except the individuals who discovered and developed them are referred to as zero-day or "0day" exploits.
After an exploit is disclosed to the authors of the affected software, the associated vulnerability is often fixed through a [[Patch (computing)|patch]], rendering the exploit unusable.
This is why some [[Black hat (computer security)|black hat hackers]], as well as military or intelligence agency hackers, do not publish their exploits but keep them private.
One scheme that offers zero-day exploits is known as [[exploit as a service]].<ref name=EAA_1>{{cite web| title=Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities| author=Leyden, J.| work=The Daily Swig &#124; Cybersecurity news and views| url=https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities| publisher=PortSwigger Ltd| date=16 November 2021| access-date=18 December 2023}}</ref>