JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser-known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.
No, semi-seriously.
The concept of a LISP machine was a computer which only executed one programming language, or at least only one language in which non-built-in code would execute.
And that language was memory-secure, in that it packaged memory use into high-level cells which referenced each other in a single standard way.
There was no way that a process could "break out" and access something else's memory. A LISP program running in one process only understood and could access its own linked memory cells.
This was enough programming freedom to program whatever you wanted, and the point is, the memory model was simple, uniform, and thereby secure.
I'm not exactly saying return to LISP machines. I'm saying return to an architecture which includes a simple and secure memory access model, with no workarounds to the high-level memory cell access permitted. This could be enforced at the machine-language level, and/or by restricting allowed programming languages to inherently memory-secure ones.
Where are we going and why are we in a handbasket?