Исходное сообщение
"Новая техника обхода защиты ASLR, реализуемая на JavaScript" Отправлено Аноним, 19-Фев-17 18:53
Коммент к видео: It is sad that every so many so-called "researchers" need to portray their findings as a doomsday scenario ASLR does not protect against drive-by exploits. It's purpose is to provide an additional layer of defense against buffer-overflow exploits by removing the predictability of adjacent blocks of memory. All this JS PoC does is negate that layer. It is not an exploit itself, nor does it even facilitate an exploit. For this really to mean anything: • An actual exploitable buffer-overflow vulnerability must be known. With modern technology combined with modern awareness these are relatively rare, though they are possible. • An exploit via javascript must be available and deliverable. This limits the scope of vulnerable applications. • That javascript would need to incorporate this PoC The target audience for such an exploit would be desktop/mobile, where a browser is used. Servers would not be in scope. This would also be limited to the user context running the browser (does anyone really still run a browser with full administrative privileges?) Is this finding significant? Definitely yes. Does it mean ASLR is "insecure" (as quoted by the so-called "researchers")? Absolutely not.