Slyck.com
 
Slyck Chatbox - And More

JavaScript-Based Attack Simplifies Browser Exploits

What's happening in the technology world related to software. Please submit stories for this forum here.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

JavaScript-Based Attack Simplifies Browser Exploits

Postby sunnyd » Wed Feb 15, 2017 2:56 pm

Story : http://computerworld.com/article/3170587/security/javascript-based-attack-simpli





Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn't rely on a software bug, fixing the problem is not easy.

Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.

ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.

The mitigation technique involves randomly arranging the memory address space positions used by a process so that attackers don't know where to inject malicious code so that the process executes it.







Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
User avatar
sunnyd
 
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Return to Tech/Software News

Who is online

Users browsing this forum: No registered users and 0 guests

© 2001-2008 Slyck.com