https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/
Where were you when CPU designs killed security?
>inb4 javascript shit
this is not javascript specific
>we just kinda assumed nobody would ever break this security method
>not already using noscript
>>58975774
We're gonna have to do everything in a virtual machine inside of a virtual machine now
>>58973335
Based web assembly?
That is so cool though. It's not really a CPU bug but rather a CPU design flaw. It works on ARM and other ISAs too right?
>>58976031
yea
>The researchers identified 22 microarchitectures from Intel, Advanced Micro Devices, and ARM that were vulnerable. They went on to say they have yet to test an architecture that didn't provide the MMU signal necessary to exploit the side channel.
I remember there was that mad hardware exploit on a legacy feature on older processors.
The fix was literally deleting it from the CPU architecture.
That was a minor thing at best.
This is a fucking major component.
SHITS FUCKED YO
>>58973335
ASLR is basically a joke anyway.
It doesn't prevent attacks it just reduces the chance that an attack succeeds.
how does JS get such low level access
>>58976757
it doesnt
it literally reads and writes memory and predicts cache misses using performance.now or some high resolution timer
the point isn't javascript, you can do it in any language
>>58973335
Rip pc gaming.
>>58976929
more like rip java script
am i right guys
>>58977075
rip everything you morone
>>58977115
thank fuck for that