Alkajak
Thread author
Four researchers from the Vrije University in the Netherlands have put together a successful attack on Windows 10 that uses a combination of a Rowhammer attack and a newly discovered memory deduplication vector that can give attackers control of the OS, even if the browser and the OS are up to date and running various security hardening mitigations.
Their research centers around the memory deduplication process, a method through which some operating systems free memory by finding duplicate entries.
Attacks on memory deduplication existed from prior studies by other researchers, who devised side-channel attacks that can leak information about the contents of the OS memory.
Edge exploit is actually a combination of older attacks
The Dutch researchers combined one of these previous memory deduplication side-channel attacks with Rowhammer, a vulnerability in DDR3 and DDR4 memory cards, found at the electrical and hardware level.
Researchers discovered that, by blasting read-write operations to a row of memory bits, they could alter its electrical field and then modify nearby bits and its data. Later, researchers managed to weaponize Rowhammer attacks using JavaScript and deliver attacks via Internet pages.
The four Dutch researchers took one of these Web exploits and combined it with an older memory deduplication side-channel attack to gain read-write access to the browser's memory.
Attack bypasses Edge's security measures.
Full Article: Rowhammer Attacks on Microsoft Edge Can Compromise Entire PC, New Research Shows