A chip level flaw discovered by a security researcher that could hack million of devices with any operating system or application running and the most dangerous thing about the flaw is it can’t be fixed entirely.
The vulnerability is in memory management unit(MMU), CPU’s component to bypass Address Space Randomization(ASLR) protection. ASLR memory protection make random locations where programs run, thus making it difficult to execute the malicious code in memory to cause Buffer Overflow or other memory corruption programs.
What is Buffer Overflow?
It is a condition when a malicious code or program attempt to put more data in a buffer than it can hold. Writing outside block of allocated memory can corrupt data, crash any program and can also cause execution of malicious code. Now it will easy to understand what actually memory flaw is. ASLR is a protection mechanism provided by all operating system from Window, Linux, Android, and Mac OS.
A group of researchers knows as VUSec, from the Vrije University in Netherlands, have found a way to attack which can bypass ASLR protection on at least 22 processors. It can bypass almost any vendor architectures.
The researcher’s team, VUsec published (1st PDF paper, 2nd PDF paper) research paper explaining AnC attack, along with video demonstration of the attack in a Firefox browser on a 64-bit Linux machine.
Issues with AnC attacks are identified by CVE as:
- CVE-2017-5925 for Intel processors
- CVE-2017-5926 for AMD processors
- CVE-2017-5927 for ARM processors
- CVE-2017-5928 for a timing issue affecting multiple browsers
VUsec team already notified about the affected chips and software firms, including Intel, AMD, Samsung, Nvidia, Microsoft, Apple, Google, and Mozilla, more than three months ago.
Statement — “The conclusion is that such caching behavior and strong address space randomization are mutually exclusive,” the paper concludes. “Because of the importance of the caching hierarchy for the overall system performance, all fixes are likely to be too costly to be practical.”
How to protect yourself?
Get more stuff like this
in your inbox
Subscribe Us And Get Latest Tech News, Hacking News, Science News, And Latest Gadgets News Directly Delivered To Your Inbox
Thank You For Subscribing. Verification Email Has Been Send To You. Please Verify !
Something Went Wrong.