JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.
Layman's Terms (Score:2)
'cause every layman knows what ASLR is.
I had the same thought. At first I thought it was related to digital photography. Here is what this is really all about: https://en.wikipedia.org/wiki/Address_space_layout_randomization [wikipedia.org]
In layman's terms: Keeping the locations of things in memory unpredictable so that, for example, if I am trying to exploit some arbitrary code execution flaw I can't count that my code will end up in the place I want or expect it.
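The comment above explains what ASLR is for; a practitioner usually wants to know whether it actually applies on a given host. The script below is an added example, not code from the thread or from the researchers: it interprets the Linux `randomize_va_space` sysctl and checks whether an ELF binary was built position-independent (PIE), since a fixed-address (ET_EXEC) executable keeps its own code at the same address no matter what the kernel setting is. The function names and the hand-built ELF headers used for testing are this example's own constructions.

```python
"""Added example: two defender-side checks for whether ASLR applies.
1) Is the kernel randomizing address spaces at all?
2) Is a given ELF a position-independent executable (PIE), so that ASLR can
   move the program's own code and not just its libraries, stack and heap?"""
import struct

ET_EXEC = 2   # fixed-address executable: code always maps at the linked address
ET_DYN = 3    # position-independent: loader may place it anywhere (PIE, or a shared library)


def aslr_mode_from_text(text):
    """Interpret the contents of /proc/sys/kernel/randomize_va_space (Linux)."""
    meanings = {
        "0": "disabled",
        "1": "partial (stack, mmap and VDSO randomized; brk heap is not)",
        "2": "full (brk heap randomized as well)",
    }
    value = text.strip()
    return meanings.get(value, "unknown value %r" % value)


def read_aslr_mode(path="/proc/sys/kernel/randomize_va_space"):
    """Read the live kernel setting; returns None where the file does not exist."""
    try:
        with open(path) as fh:
            return aslr_mode_from_text(fh.read())
    except OSError:
        return None


def classify_elf(data):
    """Return 'pie' or 'fixed' from the leading bytes of an ELF file.

    e_type sits at offset 16 for both ELF32 and ELF64; the byte order
    comes from e_ident[5] (1 = little-endian, 2 = big-endian).
    Raises ValueError for non-ELF input or for objects that are not executables.
    """
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack(endian + "H", data[16:18])
    if e_type == ET_DYN:
        return "pie"      # note: a shared library is also ET_DYN; only meaningful for executables
    if e_type == ET_EXEC:
        return "fixed"
    raise ValueError("not an executable (e_type=%d)" % e_type)


def classify_file(path):
    """Classify an on-disk binary by reading only its 64-byte header."""
    with open(path, "rb") as fh:
        return classify_elf(fh.read(64))


def sample_elf64_header(e_type):
    """Constructed ELF64 little-endian header for testing (not from any real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # class=64-bit, data=LE, version=1
    rest = struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0x1000, 64, 0, 0,
                       64, 56, 1, 64, 0, 0)
    return ident + rest


if __name__ == "__main__":
    import sys
    print("kernel ASLR:", read_aslr_mode())
    for path in sys.argv[1:]:
        try:
            print(path, classify_file(path))
        except ValueError as exc:
            print(path, "skipped:", exc)
```

Run it with one or more binaries as arguments; a result of `fixed` means the kernel setting alone will not randomize that program's code, which is the situation the attacker in the comment above is hoping for.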
A definition of "layman's terms":
simple language that anyone can understand [merriam-webster.com]
Note how it doesn't say "...that anyone can look up the meaning of using a search engine".
Do you know what Google is? I know, it's hard right?
For what it's worth, I was already familiar with that acronym. I was questioning whether a layman would be.
You seem to be confusing "Layman's terms" with "Anything that can be looked up on Google".
A "layman" has no place in this discussion.
I have trouble comprehending the small mental world you live in where all of your knowledge is equally available at all times.
There's a reason why it's polite to gloss your acronyms on first use, even in the narrowest academic publications.
Just yesterday I was reviewing the literature on machine learning. The Juergen Schmidhuber review alone begins with the following glossary:
AE: Autoencoder
BFGS: Broyden-Fletcher-Goldfarb-Shanno
javascript is incompatible with security (Score:1)
It's been every few days since javascript even came onto the scene that we have seen some exploit using javascript as an attack vector.
It is a fundamentally flawed idea to run javascript that any random site happens to deliver to you. The number of ways that can go badly seems to be effectively endless.
If you care at all about the security of your machine, you should not be running javascript by default. This is where a bunch of people come out of the woodwork to say "but we need it to view $RANDOMSITE!
crazy (Score:1)
who would run anything on a machine with 22 CPUs? That's just ASKING to have your ASLR broken, right?
Not the whole story? (Score:3)
If you can read memory arbitrarily via this exploit, your sandbox is most certainly NOT secure. It's just another step to modifying memory contents after that and getting a full breakout.
This exploit looks to be especially effective against cloud architecture as it currently stands.
A whole lot of machines are inherently more compromised as a result of this, too. Because the idiot manufacturers do things like hard-locking a 64-bit system to 2GB of RAM (TOSHIBA and DELL and HP,) it makes ASLR essentially fuck
