Greatly simplified, row hammering means reading the same DRAM memory addresses over and over again.
Aim: pull off a row hammering attack in the browser, using nothing more than JavaScript served up in a web page.
The researchers figured out how to align their “hammerable row” with a JavaScript array in such a way that random bit flips in the array might, with a bit of luck, give them read and write access to memory in ways that JavaScript is supposed to prevent.
That means not only data leakage by reading from memory that’s supposed to be private, but also the possibility of remote code execution (RCE) by poking machine code into protected memory and then running it.
https://nakedsecurity.sophos.com/2018/05/05/serious-security-the-glitch-row-hammering-attack/