Source |
Network World |
Identifiant |
315436 |
Date de publication |
2017-02-15 09:45:17 (vue: 2017-02-15 09:45:17) |
Titre |
JavaScript-based ASLR bypass attack simplifies browser exploits |
Texte |
Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn't rely on a software bug, fixing the problem is not easy.Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec)Â unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.To read this article in full or to leave a comment, please click here |
Envoyé |
Oui |
Condensat |
address advantage after all amsterdam anc applications article aslr attack based because browser browsers browsers: buffer bug bypass cache can click comment coordinated corruption devised difficult disclosure doesn dubbed easy exploit exploitation exploits feature fixing from full group have having here how including its javascript layout leave like main major make memory mitigations modern more network new not october one operating overflows please present problem processor processors randomization read rely researchers security simplifies since software space systems take takes universiteit vendors vrije vulnerabilities vusec wednesday â unveiled |
Tags |
|
Stories |
|
Notes |
|
Move |
|