'Five researchers from the Vrije University in the Netherlands have
put together an attack that can be carried out via JavaScript code and
break ASLR protection on at least 22 microprocessor architectures from
vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The
attack, christened ASLRCache, or AnC, focuses on the memory management
unit (MMU), a lesser-known component of many CPU architectures, which
is tasked with improving performance for cache management operations.
What researchers discovered was that this component shares some of its
cache with untrusted applications, including browsers. This meant that
researchers could send malicious JavaScript that specifically targeted
this shared memory space and attempted to read its content. In
layman's terms, this means an AnC attack can break ASLR and allow the
attacker to read portions of the computer's memory, which he could
then use to launch more complex exploits and escalate access to the
entire OS. Researchers have published two papers [1, 2] detailing the
AnC attack, along with two videos [1, 2] showing the attack in action.'
-- source:
https://developers.slashdot.org/story/17/02/15/2149235
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/