Address Space Layout Randomization (ASLR) is a security mechanism used by operating systems to randomize the memory addresses of the key areas of a process, which makes it hard for attackers to find the memory locations where to inject their malicious code.
ASLR is particularly effective against stack and heap overflows and can prevent arbitrary code execution triggered by other buffer overflow vulnerabilities. The protection is present in almost every modern operating system, including Windows, Linux, macOS, and Android.
The VUSec security research group (Vrije Universiteit in the Netherlands) has discovered a flaw in processor hardware that could be exploited to bypass ASLR, exposing millions of devices to cyber attacks, and the bad news is that the flaw cannot be fixed with a software update.
The VUSec researchers have devised an attack technique, dubbed ASLR Cache or AnC, that bypasses ASLR on at least 22 processor micro-architectures from popular vendors. Chips from major vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others are affected by the flaw.
VUSec has notified all the affected chip vendors and software firms, including Intel, AMD, Samsung, Nvidia, Microsoft, Apple, Google, and Mozilla, more than three months ago.
A user can be hacked by simply visiting a malicious website.
The memory management unit (MMU) maps the virtual memory of programs onto physical memory; it constantly consults the page table to keep track of the addresses assigned to applications.
Page-table entries are usually kept in the CPU’s cache to improve performance, but that same cache is shared with untrusted applications, including web browsers.
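To make the link between the page table and the cache concrete, here is a small added example (not code from the Security Affairs article or from VUSec) that maps a 48-bit x86-64 virtual address onto the four page-table levels the MMU walks and onto the 64-byte cache line that each level’s entry occupies. It assumes 4-level paging with 4 KiB pages, 8-byte entries and 64-byte cache lines; those constants and the sample address are constructed for illustration. The point for defenders: since eight 8-byte entries share one cache line, the line the walk touches at each level is fixed by 6 of the 9 index bits, so 24 bits of the virtual address are tied to observable cache state. That structure is set by the hardware, which is why a software update alone cannot remove it.

```python
# Added example (not the article's or VUSec's code). Assumed parameters:
# x86-64 4-level paging, 4 KiB pages, 8-byte page-table entries, 64-byte lines.

PAGE_OFFSET_BITS = 12                 # 4 KiB pages
INDEX_BITS = 9                        # 512 entries per table level
LEVELS = ("PML4", "PDPT", "PD", "PT") # order in which the MMU walks them
ENTRY_SIZE = 8                        # bytes per page-table entry
CACHE_LINE = 64                       # bytes per cache line
ENTRIES_PER_LINE = CACHE_LINE // ENTRY_SIZE                   # 8 entries per line
LINE_BITS = INDEX_BITS - (ENTRIES_PER_LINE.bit_length() - 1)  # 9 - 3 = 6 bits pick the line


def walk(vaddr: int) -> dict:
    """Return, per level, the table index and the cache line holding that entry."""
    if not 0 <= vaddr < (1 << 48):
        raise ValueError("expected a 48-bit virtual address")
    result = {"page_offset": vaddr & ((1 << PAGE_OFFSET_BITS) - 1), "levels": []}
    shift = PAGE_OFFSET_BITS + INDEX_BITS * (len(LEVELS) - 1)  # 39 for the PML4 index
    for name in LEVELS:
        index = (vaddr >> shift) & ((1 << INDEX_BITS) - 1)
        result["levels"].append({
            "level": name,
            "index": index,
            # which 64-byte line of the table page the walk brings into the cache
            "cache_line": index // ENTRIES_PER_LINE,
            # position inside that line: not distinguishable at line granularity
            "slot_in_line": index % ENTRIES_PER_LINE,
        })
        shift -= INDEX_BITS
    return result


def bits_exposed_by_cache_lines() -> int:
    """Virtual-address bits that the set of touched cache lines alone determines."""
    return LINE_BITS * len(LEVELS)  # 6 bits x 4 levels = 24


def visible_bits_mask() -> int:
    """Mask of the virtual-address bits that select the cache lines touched."""
    mask = 0
    shift = PAGE_OFFSET_BITS + INDEX_BITS * (len(LEVELS) - 1)
    for _ in LEVELS:
        # the top 6 of each 9-bit index select the line; the low 3 select the slot
        mask |= ((1 << LINE_BITS) - 1) << (shift + (INDEX_BITS - LINE_BITS))
        shift -= INDEX_BITS
    return mask


if __name__ == "__main__":
    sample = 0x7F8A12345678  # constructed user-space address for illustration
    for lvl in walk(sample)["levels"]:
        print(f"{lvl['level']:>4}: index {lvl['index']:3d} -> cache line "
              f"{lvl['cache_line']:2d}, slot {lvl['slot_in_line']}")
    print(f"bits tied to cache lines: {bits_exposed_by_cache_lines()}, "
          f"mask 0x{visible_bits_mask():012X}")
```

Running the script walks the constructed address and prints, per level, the table index and the cache line it lands in; `visible_bits_mask()` shows which address bits ASLR’s randomization leaves exposed through the shared cache, independent of any software setting.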
Once the attacker has obtained the memory addresses, they can map portions of the memory and launch further attacks, for example injecting malicious exploit code, escalating access to the operating system, and taking complete control of the machine.
The flaws related to the AnC attacks are tracked with the following CVE identifiers:
(Security Affairs – hacking , ASLR Protection)