Slashdot Mirror


JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLR⊕Cache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.
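The summary says the MMU "shares some of its cache" with JavaScript, but not what that sharing actually leaks. The page-table walk the MMU performs to resolve a virtual address reads one entry from a table at each paging level, and those reads go through the ordinary data cache; which cache line gets touched at each level is a direct function of the address's bits. The simulation below is added here as an illustration and is not code from the researchers, from BleepingComputer, or from the papers. It assumes x86-64 4-level paging with 4 KiB pages, 8-byte entries and 64-byte cache lines, and it replaces the hard part of the real attack, the cache-timing measurement from JavaScript, with a simulated oracle that simply reports which lines a walk touched. The base address and the helper names are constructed for the example.

```python
"""Simulated AnC observation: what a page-table walk reveals about an address.

Assumed model (x86-64, 4-level paging, 4 KiB pages, 8-byte entries, 64-byte
cache lines):
  level 4 index = VA bits 39..47, level 3 = 30..38, level 2 = 21..29,
  level 1 = 12..20.  Each table is one 4 KiB page of 512 entries, so entry i
  lives at byte offset 8*i and therefore in cache line i >> 3 (0..63) of that
  page.  Seeing which line the walk touches leaks the top 6 of the 9 index
  bits at every level; the low 3 bits are hidden inside the line.
"""

LEVEL_SHIFTS = {4: 39, 3: 30, 2: 21, 1: 12}   # where each level's 9-bit index sits
INDEX_MASK = 0x1FF                              # 512 entries per table
ENTRY_SHIFT = 3                                 # 8-byte page-table entries
LINE_SHIFT = 6                                  # 64-byte cache lines


def walk_lines(vaddr):
    """Cache line (0..63) touched in each level's table when resolving vaddr."""
    lines = {}
    for level, shift in LEVEL_SHIFTS.items():
        index = (vaddr >> shift) & INDEX_MASK
        lines[level] = (index << ENTRY_SHIFT) >> LINE_SHIFT   # == index >> 3
    return lines


def bits_from_lines(lines):
    """Translate observed lines into (value, mask) over the address bits they fix."""
    value = mask = 0
    for level, line in lines.items():
        shift = LEVEL_SHIFTS[level] + 3          # line index == index bits 3..8
        value |= line << shift
        mask |= 0x3F << shift
    return value, mask


def recover(oracle, slide_levels=(1, 2, 3)):
    """Recover address bits of an unknown base from a line oracle alone.

    oracle(offset) returns walk_lines(base + offset); in the real attack this
    is the cache-timing measurement made from JavaScript.  The low 3 bits of
    each index are then found by stepping the accessed address one entry at a
    time at that level and watching when the touched line moves to the next
    one: with low bits b, the line changes at step k = 8 - b.
    Level 4 is not slid by default because one entry there spans 512 GiB.
    """
    value, mask = bits_from_lines(oracle(0))
    for level in slide_levels:
        step = 1 << LEVEL_SHIFTS[level]          # one entry at this level
        start_line = oracle(0)[level]
        k = next(k for k in range(1, 9) if oracle(k * step)[level] != start_line)
        value |= ((8 - k) & 7) << LEVEL_SHIFTS[level]
        mask |= 0x7 << LEVEL_SHIFTS[level]
    return value, mask


def demo(base=0x7F3A1C5DE000):
    """Run the attacker against a simulated, constructed base address."""
    def oracle(offset):                          # stands in for the timing probe
        return walk_lines(base + offset)

    value, mask = recover(oracle)
    known_bits = bin(mask).count("1")
    return value, mask, known_bits, (base & mask) == value


if __name__ == "__main__":
    value, mask, known, ok = demo()
    print(f"recovered 0x{value:012x} over mask 0x{mask:012x} "
          f"({known} of 36 page-number bits, consistent={ok})")
```

The attacker never reads the base address; it only learns, for addresses of its own choosing inside its buffer, which cache lines the walk used, and from that pins down 33 of the 36 page-number bits in this model. What the simulation leaves out is exactly what makes AnC a research result rather than an arithmetic exercise: distinguishing the MMU's page-table reads from all the other cache activity, with only the timers a browser exposes to JavaScript.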

2 of 157 comments

  1. Re:Layman's Terms by El Cubano · Score: 5, Informative

    'cause every layman knows what ASLR is.

    I had the same thought. At first I thought it was related to digital photography. Here is what this is really all about: https://en.wikipedia.org/wiki/Address_space_layout_randomization

    In layman's terms: Keeping the locations of things in memory unpredictable so that, for example, if I am trying to exploit some arbitrary code execution flaw, I can't count on my code ending up in the place I want or expect it to.

  2. Re:javascript is incompatible with security by Anonymous Coward · Score: 5, Informative

    OK, fair enough, but if it's expressed in another language (assuming it's not part of your OS), you have to explicitly get and run the malicious software. If it's JavaScript, you get it just by visiting a web page with default browser settings.

    Delivery is different, even if in theory you could get it via some other means.