Author: Jonathan Bennett / Source: Hackaday
The past few days have been busy if you’re trying to keep up with the pace of computer security news. Between a serious Chromium bug that’s actively being exploited on Windows 7 systems, the NSA releasing one of their tools as an open source project, and a new Spectre-like speculative execution flaw in Intel processors, there’s a lot to digest.
Intel’s Spoiler
To discuss “Spoiler” let’s do a quick refresher on how we got here. Speculative execution is a staple of modern processors: rather than stall on a branch or a slow memory access, the CPU guesses what comes next, runs those instructions out of order ahead of time, and keeps the results in case the guess was right, throwing them away if it was wrong. Instructions Per Cycle (IPC) has become the important metric as clock speed has stalled out around the 5 GHz barrier, and speculation is a big part of how IPC keeps improving. Speculative execution was dealt a blow when Spectre and Meltdown were announced. The essence of both attacks is that discarded speculative work still has discernible side effects: a load that the processor later squashes has already pulled its cache line in. Try to access something you shouldn’t be allowed to see, make which line gets loaded depend on the secret, and with some clever timing of cache accesses the protected data is leaked to a process that should never have been able to read it.
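The cache-timing primitive behind that leak, as an added example that is not code from the article: a minimal Flush+Reload probe that measures, in cycles, how long a load takes when the line is already cached versus after it has been evicted with clflush. The gap between the two medians is what lets an attacker tell which line speculative execution touched. It assumes an x86-64 compiler with the GCC/Clang intrinsics for rdtscp and clflush; on other architectures it builds but reports that probing is unsupported. The 2000-trial count and the use of the median are my choices for noise resistance, not anything from the article.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__)
#include <x86intrin.h>          /* __rdtscp, _mm_clflush, _mm_mfence, _mm_lfence */
#define HAVE_X86_PROBE 1
#else
#define HAVE_X86_PROBE 0
#endif

#define TRIALS 2000

/* One 64-byte cache line, aligned so the probe touches exactly one line. */
static uint8_t probe_line[64] __attribute__((aligned(64)));

/* 1 when this build can run the timing probe (x86-64 with clflush/rdtscp). */
int cache_probe_supported(void) { return HAVE_X86_PROBE; }

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

static uint64_t median(uint64_t *v, size_t n) {
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}

#if HAVE_X86_PROBE
/* A volatile read the compiler cannot optimise away. */
static void touch(volatile uint8_t *p) { uint8_t v = *p; (void)v; }

/* Cycles for one load of *p. rdtscp waits for earlier instructions to retire,
 * and the trailing lfence keeps later work from overlapping the measurement. */
static uint64_t timed_load(volatile uint8_t *p) {
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    touch(p);
    uint64_t t1 = __rdtscp(&aux);
    _mm_lfence();
    return t1 - t0;
}

/* Median latency over TRIALS loads; flush == 1 evicts the line first (miss),
 * flush == 0 touches it first (hit). */
static uint64_t probe(int flush) {
    static uint64_t t[TRIALS];
    volatile uint8_t *line = probe_line;
    for (int i = 0; i < TRIALS; i++) {
        if (flush) _mm_clflush(probe_line);   /* evict from every cache level */
        else       touch(line);               /* bring the line into cache */
        _mm_mfence();                         /* flush/touch completes before timing */
        t[i] = timed_load(line);
    }
    return median(t, TRIALS);
}
#endif

uint64_t probe_hit_cycles(void) {
#if HAVE_X86_PROBE
    return probe(0);
#else
    return 0;
#endif
}

uint64_t probe_miss_cycles(void) {
#if HAVE_X86_PROBE
    return probe(1);
#else
    return 0;
#endif
}

/* A threshold halfway between the two medians lets a single timed load be
 * classified as hit or miss, which is how Flush+Reload reads out the leaked
 * state one probe at a time. */
uint64_t probe_threshold(uint64_t hit, uint64_t miss) { return hit + (miss - hit) / 2; }
int load_was_hit(uint64_t cycles, uint64_t threshold) { return cycles < threshold; }

int main(void) {
    if (!cache_probe_supported()) { puts("not x86-64: cache probe unsupported"); return 0; }
    uint64_t hit = probe_hit_cycles(), miss = probe_miss_cycles();
    printf("median cached load: %llu cycles, median flushed load: %llu cycles, threshold: %llu\n",
           (unsigned long long)hit, (unsigned long long)miss,
           (unsigned long long)probe_threshold(hit, miss));
    return 0;
}
```

On a real core the flushed load costs several times the cached one; a full Spectre-style attack simply arranges for the victim's speculative access to decide which of 256 such lines gets loaded, then times all 256 to recover a byte.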
Rowhammer is an attack against a machine’s physical memory. DRAM cells only hold their charge for a limited period of time, so every row has to be refreshed periodically (typically every 64 ms). It turns out that repeatedly activating one row makes the charge in physically adjacent rows leak faster, sometimes fast enough that bits flip before the next refresh. The Rowhammer exploit hammers specific rows with a tight loop of reads, flushing the cache each time so the accesses actually reach DRAM, in order to flip bits in neighboring rows, even when those rows belong to a different process or to the kernel. It can change data in places that should be protected. One obstacle for Rowhammer is that the attacking process needs to understand the physical memory layout: which of its own pages sit in rows adjacent to the victim’s. Modern kernels hide how a process’s memory is mapped to the physical layout, for example by zeroing the frame numbers that /proc/self/pagemap reports to unprivileged readers, and address randomization such as Kernel Address Space Layout Randomization (KASLR) makes choosing a useful target harder still.
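The layout-hiding mitigation just described, as an added example that is not code from the article: a small C program that decodes /proc/self/pagemap entries (the documented Linux format) and resolves one of its own virtual addresses to a physical frame. On modern kernels (the 4.x series onward) an unprivileged run sees the page reported as present but with a zeroed frame number, which is exactly the information a Rowhammer attacker needs and that Spoiler recovers by other means; a run with CAP_SYS_ADMIN sees the real PFN. It assumes Linux; elsewhere the lookup reports that pagemap is unavailable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>

/* One 64-bit /proc/PID/pagemap entry (Documentation/admin-guide/mm/pagemap.rst):
 *   bits 0-54  page frame number (PFN) when present, swap type/offset when swapped
 *   bit  55    soft-dirty
 *   bit  56    page exclusively mapped
 *   bit  61    file-page or shared-anon
 *   bit  62    page swapped
 *   bit  63    page present
 * Unprivileged readers get the PFN field zeroed on current kernels. */
typedef struct {
    uint64_t pfn;         /* 0 when hidden, swapped, or not present */
    int present;
    int swapped;
    int exclusive;
    int file_or_shared;
} pagemap_entry_t;

pagemap_entry_t pagemap_decode(uint64_t raw) {
    pagemap_entry_t e;
    e.present        = (int)((raw >> 63) & 1);
    e.swapped        = (int)((raw >> 62) & 1);
    e.file_or_shared = (int)((raw >> 61) & 1);
    e.exclusive      = (int)((raw >> 56) & 1);
    e.pfn = (e.present && !e.swapped) ? (raw & ((1ULL << 55) - 1)) : 0;
    return e;
}

/* Read and decode the entry for the page containing vaddr.
 * Returns 0 on success, -1 if pagemap cannot be read (not Linux, /proc
 * missing, or access to pagemap denied). */
int pagemap_lookup(const void *vaddr, pagemap_entry_t *out) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0) return -1;
    uint64_t index = (uint64_t)(uintptr_t)vaddr / (uint64_t)page;
    uint64_t raw = 0;
    ssize_t n = pread(fd, &raw, sizeof raw, (off_t)(index * sizeof raw));
    close(fd);
    if (n != (ssize_t)sizeof raw) return -1;
    *out = pagemap_decode(raw);
    return 0;
}

/* Physical address behind vaddr, or 0 when the page is not resident or the
 * kernel hides the frame number from this (unprivileged) process. */
uint64_t virt_to_phys(const void *vaddr) {
    pagemap_entry_t e;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || pagemap_lookup(vaddr, &e) != 0 || !e.present || e.pfn == 0)
        return 0;
    return e.pfn * (uint64_t)page + ((uint64_t)(uintptr_t)vaddr % (uint64_t)page);
}

/* What this process can learn about one of its own resident pages:
 *   2 = physical address visible, 1 = present but PFN hidden, 0 = pagemap unavailable */
int pagemap_visibility(void) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return 0;
    volatile uint8_t *buf = malloc((size_t)page);
    if (!buf) return 0;
    buf[0] = 1;                        /* touch it so the page is actually backed */
    pagemap_entry_t e;
    int rc = pagemap_lookup((const void *)buf, &e);
    free((void *)buf);
    if (rc != 0 || !e.present) return 0;
    return e.pfn ? 2 : 1;
}

int main(void) {
    static const char *msg[] = { "pagemap unavailable",
                                 "page present, PFN hidden (no CAP_SYS_ADMIN)",
                                 "PFN visible" };
    int local = 0;
    int v = pagemap_visibility();
    printf("%s\n", msg[v]);
    if (v == 2)
        printf("physical address of a stack variable: 0x%llx\n",
               (unsigned long long)virt_to_phys(&local));
    return 0;
}
```

Run it twice, once as a normal user and once with CAP_SYS_ADMIN, to see the difference: the mitigation does not make the file unreadable, it just withholds the one field that tells an attacker which rows are neighbors.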
Spoiler is a new abuse of speculative execution that leaks information about the physical memory layout, enabling much quicker Rowhammer attacks. The timing of a speculative load that aliases with an earlier store depends on bits of the physical address above the page offset, so an unprivileged process can learn which of its own pages share those physical address bits without any privileged interface. The Register was the first to pick up on this story. Intel processors…
The post Spoiler, Use-After-Free, and Ghidra: This Week in Computer Security appeared first on FeedBox.