An exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.
For an exploit to succeed, many vulnerabilities require the attacker to first carry out a series of suspicious operations that set the stage for the exploit. Typically, the majority of vulnerabilities are the result of a bug in the software or in the system architecture. Attackers write code that takes advantage of these vulnerabilities to inject various types of malware into the system.
Many software vendors patch known bugs to remove the vulnerability. Security software also helps by detecting, reporting, and blocking suspicious operations. This prevents exploits from running and damaging computer systems, regardless of which malware the exploit was trying to deliver.
The security software that businesses typically deploy to ward off exploits is referred to as threat defense or endpoint detection and response (EDR) software. Another best practice is to run a penetration testing program, which is used to validate the effectiveness of these defenses.
After an exploit is made known to the authors of the affected software, the vulnerability is often fixed through a patch to make the exploit unusable. This information is made available to security vendors as well. For publicly known cybersecurity vulnerabilities, there are organizations that list each vulnerability and provide an identification number, a description, and at least one public reference.
Exploits unknown to everyone but the people who developed them are referred to as zero-day exploits. These are by far the most dangerous exploits, because they target a critical security vulnerability in the software or system architecture of which the vendor is unaware.
The vulnerability becomes known when an attacker is detected exploiting it, hence the term zero-day exploit. Once such an exploit is in use, systems running the affected software are vulnerable to attack until either the vendor releases a patch that corrects the vulnerability or security software detects and blocks the exploit and the malware it delivers.