RAM-Mapping JavaScript Defeats ASLR, Leaves Systems Vulnerable to Attacks

Liviu ARSENE

February 15, 2017

Researchers have developed a method that exploits how CPUs manage memory to map RAM, discover where software components such as files and libraries are located, and exploit vulnerabilities in them.

The security technology that randomizes the RAM locations of various components, named address space layout randomization (ASLR), has been around in Windows systems for almost a decade, starting with Windows Vista. Its purpose is to make it difficult for attackers to find these components and exploit them.

For the malicious JavaScript to work, the research shows it needs to run on a malicious webpage and observe the processor's memory management unit (MMU) to figure out how the data is mapped in memory.

“The memory management unit (MMU) of modern processors uses the cache hierarchy of the processor in order to improve the performance of page table walks. This is fundamental to efficient code execution in modern processors. Unfortunately, this cache hierarchy is also shared by untrusted applications, such as JavaScript code running in the browser,” according to the Dutch researchers.

Given sufficient time, the script could tell attackers what components are on the victim's computer and where. Armed with that information, attackers could allegedly compromise the victim's PC by remotely executing malicious payloads and seizing control of the entire system.

The proof-of-concept also demonstrated that a wide range of CPUs are vulnerable to this type of attack, with the team observing the behavior on 22 AMD and ARM processors. The team stated that protecting against the attack is practically impossible and the fix is not straightforward, as the script exploits a CPU architectural feature. But preventing the execution of JavaScript files within the browser should prevent an attack.

Author


Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.
