For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows and similar vulnerabilities. As a result, exploits cause a simple crash rather than a potentially catastrophic system compromise.
Now, researchers have devised an attack that could spell the end of ASLR as the world knows it now. The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides. The technique, which exploits what's known as a side channel in the memory cache of all widely used modern CPUs, is described in a research paper published on Wednesday.
Article continues: https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/
