Overclock.net › Forums › Industry News › Software News › [ARS] New ASLR-busting JavaScript is about to make drive-by exploits much nastier

[ARS] New ASLR-busting JavaScript is about to make drive-by exploits much nastier

post #1 of 69
Thread Starter 
Quote:
For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks.... ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows and similar vulnerabilities.

Now, researchers have devised an attack that could spell the end of ASLR as the world knows it now. The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides. The technique, which exploits what's known as a side channel in the memory cache of all widely used modern CPUs, is described in a research paper published on Wednesday. The researchers have dubbed the technique ASLR Cache or AnC for short.

Source

Oh boy.

What is the old saying? Where's there is a will there is a way?
post #2 of 69
Quote:
Given how crucial caching is to the performance of modern CPUs, the researchers say architectural fixes are likely to be too costly to be feasible. And even if hardware mitigations are possible—say, by creating a separate cache for page tables—the researchers warn that the vulnerability may resurface in software. They conclude their findings with a recommendation that's sure to get the attention of software developers everywhere:

fun times
post #3 of 69
There appears to be only one solution for now: stop trusting sites to execute JavaScript and demand that those that don't work properly without it enabled do the necessary modifications so that they will.

In other words, use NoScript and be careful which sites and domains you enable to use JavaScript.
Edited by tpi2007 - 2/15/17 at 6:27am
post #4 of 69
This sounds like an IT support person's best dream of all times. Time to push out some emails.
post #5 of 69
Does NoScript stop this exploit?
post #6 of 69
Java needs to die already, should've been abandoned years ago
post #7 of 69
Quote:
Originally Posted by epic1337

Does NoScript stop this exploit?

It relies on JavaScript, so... yes?
post #8 of 69
Quote:
Originally Posted by lombardsoup

Java needs to die already, should've been abandoned years ago

Java isn't JavaScript. I'm probably the ten billion thousandth person to say this.

post #9 of 69
What can you get access to using this hack? Can you read anything cached in memory? Modify it, such as adding stuff that wasn't there before?

Could you install programs using that? If so, how would that look for the end user getting hit by this attack?
post #10 of 69
Things like this right here are why my profession as a technology professional will never be automated.