(LiveHacking.Com) – Any reader of this blog will inevitably come across words like vulnerability, exploit, malware, Trojan and so on. Some of these words have connected meanings, but each has its own clear and separate definition. For example, a Trojan is a type of malware, but not all malware is a Trojan. What about ‘vulnerability’ and ‘exploit’: are they the same thing? If not, what is the connection?
A vulnerability is a flaw in a system, or in some software in a system, that could provide an attacker with a way to bypass the security infrastructure of the host operating system or of the software itself. It isn’t an open door but rather a weakness which, if attacked, could provide a way in.
Exploiting is the act of trying to turn a vulnerability (a weakness) into an actual way to breach a system. A vulnerability can therefore be ‘exploited’ to turn it into a viable method of attacking a system.
In software (rather than whole systems, including the people, the computers, the firewalls, the networks and so on), the most common type of vulnerability is a memory error. These can be buffer overflows, heap corruption or NULL pointer dereferences. Once a memory issue has been discovered, an attacker will try to exploit it by manipulating how the memory is corrupted, in the hope of altering some aspect of the addressing (maybe a return address). This can then be used to make the CPU run code in another part of memory. If arbitrary code execution is achieved, then the system can be exploited. The extent of the exploit will depend on the nature of the vulnerability, on whether privilege elevation was achieved, and on the extent of protective technologies such as sandboxing or address space layout randomization (ASLR).
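As an added illustration of the distinction above (this is example code written for this post, not something from the original article or any real product): the first function contains a vulnerability of the buffer-overflow kind, a copy whose length is taken from untrusted input and never checked; the second shows the fix. The record format (one length byte followed by that many bytes of name) and the `NAME_MAX` limit are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_MAX 16   /* capacity of the caller's output buffer, incl. NUL */

/* Vulnerable: trusts the length byte supplied by the sender.
 * A length larger than NAME_MAX - 1 writes past `out`, and a length
 * larger than the packet reads past `pkt`. That unchecked copy is the
 * weakness (the vulnerability); whether it ends in a crash or in
 * something worse depends on what lies next to `out` in memory.
 * Must never be called on untrusted input. */
int parse_record_vulnerable(const uint8_t *pkt, size_t pkt_len,
                            char out[NAME_MAX]) {
    (void)pkt_len;                 /* the flaw: the real size is ignored */
    size_t len = pkt[0];           /* attacker-controlled */
    memcpy(out, pkt + 1, len);     /* no bounds check */
    out[len] = '\0';               /* len == NAME_MAX - 1 is the last safe value */
    return (int)len;
}

/* Hardened: every byte count is checked against what is actually
 * available before any memory is touched. Returns -1 on bad input,
 * otherwise the length of the extracted name. */
int parse_record_safe(const uint8_t *pkt, size_t pkt_len,
                      char out[NAME_MAX]) {
    if (pkt == NULL || out == NULL || pkt_len < 1) return -1;
    size_t len = pkt[0];
    if (len > pkt_len - 1) return -1;      /* claims more bytes than present */
    if (len >= NAME_MAX) return -1;        /* leave room for the NUL */
    memcpy(out, pkt + 1, len);
    out[len] = '\0';
    return (int)len;
}
```

The checks in `parse_record_safe` are exactly what the vulnerable version lacks; removing the weakness removes the exploit opportunity regardless of how skilled the attacker is.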
Turning a software vulnerability into an exploit can be hard. Google, for example, rewards security researchers for finding vulnerabilities in its Chrome web browser. The payouts Google makes are in the range of $500 to $3000. However, it also runs competitions for security specialists to present exploited vulnerabilities. These exploits are rewarded with much larger sums, as much as $60,000. The difference in payouts reflects the magnitude of the task of exploiting a vulnerability.