Here’s an example of a common type of exploit which might give you an idea of how it works.

Your computer uses a thing called memory (specifically it’s called RAM, you might have heard that term), where it stores everything it’s currently using or will need in the near future. Your operating system is on there, any programs you’re running are stored in there, that cool jpeg you looked at earlier but forgot to close the window for is in there.

Generally, it’s the responsibility of the program to request its own little space in RAM to put everything it needs, and there are security measures that mean it can read only what’s stored in its own special space. Fruit Ninja can’t read the memory of something allocated to Safari, and visa versa. Importantly, apps are usually VERY separated from the RAM used by the operating system. But sometimes this security system doesn’t work as planned, and an app can read and even write areas of memory not assigned to it! Meaning it can view or change what the app that is allocated to that area is doing. When that “app” is the OS, you can often very easily gain control of the whole system.