ANC makes drive-by exploits much nastier!

scudsucker · Feb 17, 2017

From Arstechnica.com

A new Javascript exploit can bypass much of the current defences against malware. Researchers named it "AnC" - short for "address space layout randomization cache"

The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides. The technique, which exploits what's known as a side channel in the memory cache of all widely used modern CPUs, is described in a research paper published on Wednesday. The researchers have dubbed the technique ASLR Cache or AnC for short.

Ho3n3r · Feb 17, 2017

Was wondering why the thread title was under "Software" for a minute there...

scudsucker · Feb 17, 2017

Ho3n3r said:
Was wondering why the thread title was under "Software" for a minute there...

But jokes aside, it is quite a serious problem.

cpu. · Feb 17, 2017

Relax (the) champ. All good here.

Deadmanza · Feb 17, 2017

cpu. said:
Relax (the) champ. All good here.

:crylaugh:

skimread · Feb 17, 2017

scudsucker should get a prize. He found one thing that can't be blamed on the ANC.

ANC makes drive-by exploits much nastier!

scudsucker

Executive Member

Ho3n3r

Honorary Master

scudsucker

Executive Member

cpu.

Executive Member

Deadmanza

Honorary Master

skimread

Honorary Master