Security Alerts & News
by Tymoteusz A. Góral

History
#1995 New ASLR-busting JavaScript is about to make drive-by exploits much nastier
For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows and similar vulnerabilities. As a result, exploits cause a simple crash rather than a potentially catastrophic system compromise.

Now, researchers have devised an attack that could spell the end of ASLR as the world knows it now. The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides. The technique, which exploits what's known as a side channel in the memory cache of all widely used modern CPUs, is described in a research paper published on Wednesday. The researchers have dubbed the technique ASLR Cache or AnC for short.
Read more
#1995 New ASLR-busting JavaScript is about to make drive-by exploits much nastier
#1994 Security updates available for Adobe Flash Player
#1993 Windows 10 mobile bug exposes personal photos on locked devices
#1992 Microsoft shelves all February security updates
#1991 Researchers create new ransomware to target industrial systems
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12