Arbitray Code Execution - In English, Please

Security update notifications from software vendors often contain the phrase "may allow an attacker to execute arbitrary code", but what does that mean? Arbitrary code execution refers to the (unwanted) ability of a third party to control, or take over one or more parts of a computer system. A typical computer or mobile device operating system has many little pieces (processes) running in the background, and similarly a software program or app usually consists of more than just one big "part"; if a malware program can latch onto any one of these processes, then there's a possibility it can influence or control other parts as well. This ultimately leads to the ability to do Bad Things. So, we patch - until the next vulnerability shows up.

No comments :