Slashdot Mirror


JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser-known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.

4 of 157 comments

  1. Re:Layman's Terms by epine · Score: 5, Insightful

    A "layman" has no place in this discussion.

    I have trouble comprehending the small mental world you live in where all of your knowledge is equally available at all times.

    There's a reason why it's polite to gloss your acronyms on first use, even in the narrowest academic publications.

    Just yesterday I was reviewing the literature on machine learning. The Juergen Schmidhuber review alone begins with the following glossary:

    AE: Autoencoder
    BFGS: Broyden-Fletcher-Goldfarb-Shanno
    BNN: Biological Neural Network
    BM: Boltzmann Machine
    BP: Backpropagation
    BRNN: Bi-directional Recurrent Neural Network
    CAP: Credit Assignment Path
    CEC: Constant Error Carousel
    CFL: Context Free Language
    CMA-ES: Covariance Matrix Estimation ES
    CNN: Convolutional Neural Network
    CoSyNE: Co-Synaptic Neuro-Evolution
    CSL: Context Sensitive Language
    CTC: Connectionist Temporal Classification
    DBN: Deep Belief Network
    DCT: Discrete Cosine Transform
    DL: Deep Learning
    DP: Dynamic Programming
    DS: Direct Policy Search
    EA: Evolutionary Algorithm
    EM: Expectation Maximization
    ES: Evolution Strategy
    FMS: Flat Minimum Search
    FNN: Feedforward Neural Network
    FSA: Finite State Automaton
    GMDH: Group Method of Data Handling
    GOFAI: Good Old-Fashioned AI
    GP: Genetic Programming
    GPU: Graphics Processing Unit
    GPU-MPCNN: GPU-Based MPCNN
    HMM: Hidden Markov Model
    HRL: Hierarchical Reinforcement Learning
    HTM: Hierarchical Temporal Memory
    HMAX: Hierarchical Model "and X"
    LSTM: Long Short-Term Memory (RNN)
    MDL: Minimum Description Length
    MDP: Markov Decision Process
    MNIST: Mixed National Institute of Standards and Technology Database
    MP: Max-Pooling
    MPCNN: Max-Pooling CNN
    NE: NeuroEvolution
    NEAT: NE of Augmenting Topologies
    NES: Natural Evolution Strategies
    NFQ: Neural Fitted Q-Learning
    NN: Neural Network
    OCR: Optical Character Recognition
    PCC: Potential Causal Connection
    PDCC: Potential Direct Causal Connection
    PM: Predictability Minimization
    POMDP: Partially Observable MDP
    RAAM: Recursive Auto-Associative Memory
    RBM: Restricted Boltzmann Machine
    ReLU: Rectified Linear Unit
    RL: Reinforcement Learning
    RNN: Recurrent Neural Network
    R-prop: Resilient Backpropagation
    SL: Supervised Learning
    SLIM NN: Self-Delimiting Neural Network
    SOTA: Self-Organizing Tree Algorithm
    SVM: Support Vector Machine
    TDNN: Time-Delay Neural Network
    TIMIT: TI/SRI/MIT Acoustic-Phonetic Continuous Speech Corpus
    UL: Unsupervised Learning
    WTA: Winner-Take-All

    And it's but one of dozens of fields where I stick my finger into the alphabet pie.

  2. Re:CPUs, not CPU architecture by sexconker · Score: 4, Insightful

    You're confusing CPU architecture with instruction set architecture. They used to be the same (and in some cases still are), but most processors have a physical architecture that implements an ISA via microcode translation. With memory controllers (and a whole lot of other shit) on the same package, the term "architecture" has drifted even further from ISA and more toward the entire SoC.

  3. Re:scripting is incompatible with security by sexconker · Score: 5, Insightful

    Don't run code you don't trust.
    Javascript is code, no matter how much your browser tries to sandbox it or put shackles on it, it's going to be flying around in your CPU if you let it run.
    If you don't trust the Javascript, don't run it.

    There are 3 points to this problem:

    1. Shitty fucking developers write shitty fucking websites that NEED Javascript to function.
    2. Shitty fucking users like shiny, stupid shit and encourage that behavior.
    3. Shitty fucking browsers let it all run by default and focus on speed, not security, to please the shitty fucking users.

    (And this loops back to shitty fucking developers seeing that they can bloat up their site even more because Chrome v8247 tweaked Javascript regex performance to be 2.8% faster.)

  4. Re:scripting is incompatible with security by Pascoea · Score: 3, Insightful

    Yes, because every web page should be a static HTML document with zero interactivity. And web applications are a fad that will go away soon.