JavaScript has a super bug, all X86/ARM processors are affected


On the 15th of this month, researchers from VUSec, the systems and network security group at the Free University of Amsterdam, revealed an attack technique that bypasses Address Space Layout Randomization (ASLR) protection on 22 processors, affecting processor brands such as Intel, AMD, Nvidia and Samsung.


ASLR is a default security mechanism in many operating systems. It randomizes where application code and data are placed in the virtual address space to raise the bar for hackers, and it is considered the first line of defense protecting network users.

The limitations of ASLR are rooted in the way modern processors manage memory. VUSec researchers have created a JavaScript attack program that can completely remove the protection that ASLR provides.

The researchers explained that the memory management unit (MMU) in the processor uses the cache hierarchy to speed up page table lookups, but that cache is also shared with other programs, such as JavaScript executed in the browser.

So they created a side-channel attack program called ASLRCache (AnC) that can detect the page table locations the MMU accesses while it performs a page table lookup.

The researchers developed native and JavaScript versions of AnC. They used the native version to establish that the MMU signals can be observed on 22 processors, and then used the JavaScript version to find program code pointers and heap pointers in the Firefox and Chrome browsers and to calculate the actual address of the file. ASLR protection can be eliminated in as little as 25 seconds.

VUSec has released a native version of AnC for research purposes, but does not intend to release a JavaScript version, in order to protect the safety of Internet users. Even so, the researchers still expect that any highly capable hacker will be able to replicate the attack program within a few weeks.

VUSec warns that because the AnC attack program exploits basic properties of the processor, it currently cannot be fixed. For users, the only way to prevent it is to avoid executing suspicious JavaScript programs or to install a browser plug-in that blocks JavaScript.

In fact, AnC was released as early as October last year, but at that time VUSec decided to inform the relevant industries in advance, including the processor, browser and operating system industries, and it was not made public until this week.
