All computers rely on software (or “firmware”, in some devices) to translate input or user commands into action. Software manages user logins, performs database queries, executes website form submissions, controls hardware and peripherals, and manages other aspects of computer and network functionality that could be exploited by a hacker. Aside from the fact that programmers make mistakes and oversights, it is impossible for software developers to anticipate every feasible vulnerability in their code. The most developers can hope for is to patch and amend their software as vulnerabilities are discovered. This is why it is so important to keep software up to date.
Some software vulnerabilities are due to errors in programming, but most are simply due to unanticipated flaws in design. Software is often secure when used as designed, but unforeseen and unintended combinations of inputs, commands, and conditions often result in unanticipated consequences. Without strict controls on how users interact with software, many software vulnerabilities are discovered by mistake or at random. Hackers make it their business to discover these anomalies as quickly as possible.