Privilege escalation

From Wikipedia, the free encyclopedia
Gaining control of computer privileges beyond what is normally granted
A diagram describing privilege escalation. The arrow represents a rootkit gaining access to the kernel, and the little gate represents normal privilege elevation, where the user has to enter an Administrator username and password.

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application or user with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Background

Most computer systems are designed for use with multiple user accounts, each of which has abilities known as privileges. Common privileges include viewing and editing files or modifying system files.

Privilege escalation means users receive privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used. Privilege escalation occurs in two forms:

  • Vertical privilege escalation, also known as privilege elevation, where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications (e.g. Internet Banking users can access site administrative functions or the password for a smartphone can be bypassed).
  • Horizontal privilege escalation, where a normal user accesses functions or content reserved for other normal users (e.g. Internet Banking User A accesses the Internet bank account of User B).

Vertical

Privilege rings for the x86 available in protected mode

This type of privilege escalation occurs when the user or process is able to obtain a higher level of access than an administrator or system developer intended, possibly by performing kernel-level operations.

Examples

In some cases, a high-privilege application assumes that it will only be provided with input matching its interface specification and therefore does not validate that input. An attacker may then be able to exploit this assumption in order to run unauthorized code with the application's privileges:

  • Some Windows services are configured to run under the Local System user account. A vulnerability such as a buffer overflow may be used to execute arbitrary code with privilege elevated to Local System. Alternatively, a system service that is impersonating a lesser user can elevate that user's privileges if errors are not handled correctly while the user is being impersonated (e.g. if the user has introduced a malicious error handler).
  • Under some legacy versions of the Microsoft Windows operating system, the All Users screensaver runs under the Local System account – any account that can replace the current screensaver binary in the file system or Registry can therefore elevate privileges.
  • A Windows program, such as ProcessHacker2 or System Informer, can be used to run programs like cmd.exe as built-in accounts, also providing access to TrustedInstaller. Another method is to use a kernel driver like winring0.sys to run programs with kernel access. This driver can also be exploited to run programs as an administrator, bypassing UAC.[1]
  • In certain versions of the Linux kernel it was possible to write a program that would set its current directory to /etc/cron.d, request that a core dump be performed in case it crashes and then have itself killed by another process. The core dump file would have been placed at the program's current directory, that is, /etc/cron.d, and cron would have treated it as a text file instructing it to run programs on schedule. Because the contents of the file would be under the attacker's control, the attacker would be able to execute any program with root privileges.
  • Cross Zone Scripting is a type of privilege escalation attack in which a website subverts the security model of web browsers, thus allowing it to run malicious code on client computers.
  • There are also situations where an application can use other high privilege services and has incorrect assumptions about how a client could manipulate its use of these services. An application that can execute command line or shell commands could have a Shell Injection vulnerability if it uses unvalidated input as part of an executed command. An attacker would then be able to run system commands using the application's privileges.
  • Texas Instruments calculators (particularly the TI-85 and TI-82) were originally designed to use only interpreted programs written in dialects of TI-BASIC; however, after users discovered bugs that could be exploited to allow native Z-80 code to run on the calculator hardware, TI released programming data to support third-party development. (This did not carry on to the ARM-based TI-Nspire, for which jailbreaks using Ndless have been found but are still actively fought against by Texas Instruments.)
  • Some versions of the iPhone allow an unauthorised user to access the phone while it is locked.[2]
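As an added illustration of the shell-injection item above (example code written for this page, not taken from the article), here is the vulnerable command-building pattern beside the hardened argv-based one. It assumes a hypothetical host-lookup feature of a privileged application; the external tool is replaced by a constructed Python one-liner that echoes its arguments so the example runs offline.

```python
import re
import shlex
import subprocess
import sys

# Hypothetical feature of a privileged application: a user supplies a hostname
# and the application runs an external tool on it. To stay runnable offline,
# the "tool" is a Python one-liner that echoes its arguments back (a
# constructed stand-in for something like ping).
ECHO_TOOL = [sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:]))"]

# Allow-list describing the only input shape the feature actually needs.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def build_command_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted input is spliced into a single command
    string destined for a shell (shell=True). Input such as 'example.com; id'
    ends the intended command and starts another, which the shell would run
    with the application's privileges."""
    return "ping -c 1 " + host


def shell_tokens(cmdline: str) -> list:
    """Show how a POSIX shell would tokenise that string (nothing is executed):
    the ';' becomes a command separator and 'id' a second command."""
    return list(shlex.shlex(cmdline, posix=True, punctuation_chars=True))


def run_tool_argv(host: str) -> str:
    """Safer pattern: pass the value as its own argv element with no shell in
    between, so metacharacters arrive as literal text inside one argument."""
    out = subprocess.run(ECHO_TOOL + [host], capture_output=True, text=True, check=True)
    return out.stdout.strip()


def is_valid_hostname(host: str) -> bool:
    return HOSTNAME_RE.fullmatch(host) is not None


def run_tool_safe(host: str) -> str:
    """Hardened pattern: validate against the allow-list first, then use argv.
    Input the feature does not need is rejected rather than escaped."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return run_tool_argv(host)
```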

Jailbreaking

For jailbreaking iOS systems, see iOS jailbreaking.

In computer security, jailbreaking is defined as the act of removing limitations that a vendor attempted to hard-code into its software or services.[3] A common example is the use of toolsets to break out of a chroot or jail in UNIX-like operating systems[4] or bypassing digital rights management (DRM). In the former case, it allows the user to see files outside of the filesystem that the administrator intends to make available to the application or user in question. In the context of DRM, this allows the user to run arbitrarily defined code on devices with DRM as well as break out of chroot-like restrictions. The term originated with the iPhone/iOS jailbreaking community and has also been used as a term for PlayStation Portable hacking; these devices have repeatedly been subject to jailbreaks, allowing the execution of arbitrary code, and sometimes have had those jailbreaks disabled by vendor updates.

iOS systems including the iPhone, iPad, and iPod Touch have been subject to iOS jailbreaking efforts since they were released, and continuing with each firmware update.[5][6] iOS jailbreaking tools include the option to install package frontends such as Cydia and Installer.app, third-party alternatives to the App Store, as a way to find and install system tweaks and binaries. To prevent iOS jailbreaking, Apple has made the device boot ROM execute checks for SHSH blobs in order to disallow uploads of custom kernels and prevent software downgrades to earlier, jailbreakable firmware. In an "untethered" jailbreak, the iBoot environment is changed to execute a boot ROM exploit and allow submission of a patched low level bootloader or hack the kernel to submit the jailbroken kernel after the SHSH check.

A similar method of jailbreaking exists for S60 Platform smartphones, where utilities such as HelloOX allow the execution of unsigned code and full access to system files,[7][8] or edited firmware (similar to the M33 hacked firmware used for the PlayStation Portable)[9] is used to circumvent restrictions on unsigned code. Nokia has since issued updates to curb unauthorized jailbreaking, in a manner similar to Apple.

In the case of gaming consoles, jailbreaking is often used to execute homebrew games. In 2011, Sony, with assistance from law firm Kilpatrick Stockton, sued 21-year-old George Hotz and associates of the group fail0verflow for jailbreaking the PlayStation 3 (see Sony Computer Entertainment America v. George Hotz and PlayStation Jailbreak).

Jailbreaking can also occur in systems and software that use generative artificial intelligence models, such as ChatGPT. In jailbreaking attacks on artificial intelligence systems, users are able to manipulate the model to behave differently than it was programmed, making it possible to reveal information about how the model was instructed and induce it to respond in an anomalous or harmful way.[10][11]

Android

Main article: Rooting (Android)

Android phones can be rooted by going through a manufacturer-controlled process, using an exploit to gain root, or installing a rooting modification. Manufacturers allow rooting through a process they control, and some allow the phone to be rooted simply by pressing specific key combinations at boot time, or by other self-administered methods. Using a manufacturer's method almost always factory resets the device, making rooting useless to people who want to view the data, and also voids the warranty permanently, even if the device is derooted and reflashed. Software exploits commonly target a root-level process that is accessible to the user, either by using an exploit specific to the phone's kernel or by using a known Android exploit that has been patched in newer versions, which remains usable if the phone is not upgraded or is intentionally downgraded.

Mitigation strategies

Operating systems and users can use the following strategies to reduce the risk of privilege escalation:

Recent research has examined mechanisms that can effectively protect against privilege escalation attacks. One such proposal is the additional kernel observer (AKO), which specifically prevents attacks that exploit OS vulnerabilities; the research reports that AKO is effective against privilege escalation attacks.[14]

Horizontal

Horizontal privilege escalation occurs when an application allows the attacker to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with the same user but a different security context than intended by the application developer or system administrator; this is effectively a limited form of privilege escalation (specifically, the unauthorized assumption of the capability of impersonating other users). Compared with vertical privilege escalation, horizontal escalation does not require raising the privilege level of an account; it often relies on bugs in the system.[15]

Examples

This problem often occurs in web applications. Consider the following example:

  • User A has access to their own bank account in an Internet Banking application.
  • User B has access to their own bank account in the same Internet Banking application.
  • The vulnerability occurs when User A is able to access User B's bank account by performing some sort of malicious activity.

This malicious activity may be possible due to common web application weaknesses or vulnerabilities.
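The User A / User B scenario above, as an added example written for this page (not code from the article): an account-lookup handler that checks authentication but not ownership, the hardened handler beside it, and a small detection pass over constructed access-log lines. The account data, user names and log format are all constructed for the example.

```python
from typing import Optional

# Constructed sample data for a hypothetical Internet Banking application:
# two customers, each owning exactly one account.
ACCOUNTS = {
    101: {"owner": "user_a", "balance": 1500},
    102: {"owner": "user_b", "balance": 8200},
}


class AccessDenied(Exception):
    pass


def get_account_vulnerable(session_user: Optional[str], account_id: int) -> dict:
    """Vulnerable handler: the id from the request selects the record directly.
    The caller is authenticated, but ownership is never checked, so User A can
    request account 102 and read User B's data (horizontal escalation)."""
    if session_user is None:
        raise AccessDenied("not logged in")
    return ACCOUNTS[account_id]


def get_account_secure(session_user: Optional[str], account_id: int) -> dict:
    """Hardened handler: every record access is tied to the authenticated user."""
    if session_user is None:
        raise AccessDenied("not logged in")
    account = ACCOUNTS.get(account_id)
    # Same response for "no such account" and "not your account", so the
    # endpoint does not reveal which ids exist.
    if account is None or account["owner"] != session_user:
        raise AccessDenied("account not accessible")
    return account


def find_cross_user_reads(log_lines: list) -> list:
    """Detection angle: scan access-log lines of the constructed form
    '<user> GET /accounts/<id>' and report reads of accounts the requesting
    user does not own."""
    hits = []
    for line in log_lines:
        user, _method, path = line.split()
        account_id = int(path.rsplit("/", 1)[1])
        owner = ACCOUNTS.get(account_id, {}).get("owner")
        if owner != user:
            hits.append((user, account_id))
    return hits


SAMPLE_LOG = [  # constructed log lines
    "user_a GET /accounts/101",
    "user_a GET /accounts/102",
    "user_b GET /accounts/102",
]
```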

Potential web application vulnerabilities or situations that may lead to this condition include:

References

  1. "CVE-2020-14979 Detail". NIST NVD. Retrieved 19 March 2025.
  2. Taimur Asad (October 27, 2010). "Apple Acknowledges iOS 4.1 Security Flaw. Will Fix it in November with iOS 4.2". RedmondPie. Archived from the original on February 18, 2013. Retrieved November 5, 2010.
  3. "Definition of JAILBREAK". www.merriam-webster.com. Archived from the original on 24 December 2022. Retrieved 24 December 2022.
  4. Cyrus Peikari; Anton Chuvakin (2004). Security Warrior: Know Your Enemy. O'Reilly Media, Inc. p. 304. ISBN 978-0-596-55239-8.
  5. James Quintana Pearce (2007-09-27). Apple's Disagreement With Orange, IPhone Hackers. paidContent.org. Archived from the original on 2012-07-29. Retrieved 2011-11-25.
  6. "Reports: Next iPhone update will break third-party apps, bust unlocks". Computerworld on v1.1.3. Archived from the original on 2008-01-04. Retrieved 2008-01-01.
  7. Phat^Trance (Feb 16, 2010). "Announcement: Forum down for maintaining". dailymobile.se. Archived from the original on March 3, 2009. Retrieved August 30, 2016. "Just wanted to let you guys know that the forum is down for maintaining. It will be back online in a day or so (i kinda messed up the config files and need to restore one day old backup, so i thought why not update the entire server platform)"
  8. "HelloOX 1.03: one step hack for Symbian S60 3rd ed. phones, and for Nokia 5800 XpressMusic too". Archived from the original on 2020-08-07. Retrieved 2009-07-06.
  9. "Bypass Symbian Signed & Install UnSigned SISX/J2ME Midlets on Nokia S60 v3 with Full System Permissions". Archived from the original on 2016-09-11. Retrieved 2009-07-06.
  10. "What is Jailbreaking in A.I. models like ChatGPT?". Archived from the original on 2023-12-01. Retrieved 2023-11-01.
  11. "ChatGPT's 'jailbreak' tries to make the A.I. break its own rules, or die". CNBC. Archived from the original on 2023-03-02. Retrieved 2023-11-01.
  12. "Microsoft Minimizes Threat of Buffer Overruns, Builds Trustworthy Applications". Microsoft. September 2005. Retrieved 2008-08-04. [dead link]
  13. Smalley, Stephen. "Laying a Secure Foundation for Mobile Devices" (PDF). Archived from the original (PDF) on 28 August 2017. Retrieved 7 March 2014.
  14. Yamauchi, Toshihiro; Akao, Yohei; Yoshitani, Ryota; Nakamura, Yuichi; Hashimoto, Masaki (August 2021). "Additional kernel observer: privilege escalation attack prevention mechanism focusing on system call privilege changes". International Journal of Information Security. 20 (4): 461–473. doi:10.1007/s10207-020-00514-7. ISSN 1615-5262.
  15. Diogenes, Yuri (2019). Cybersecurity - Attack and Defense Strategies - Second Edition. Erdal Ozkaya, Safari Books Online (2nd ed.). Packt. p. 304. ISBN 978-1-83882-779-3. OCLC 1139764053.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Privilege_escalation&oldid=1323598597"