Find a Question:
Researchers abuse DDR3 leak from Web
Promise 8GB DDR3 The bug, which by Google researchers previously Rowhammer is baptized , is not new, but Austrian and French researchers now have a way found to exploit the bug from a website. This is done by exploiting vulnerabilities in physical DDR3 memory.
The problem that the researchers expose, is located in the physical DDR3 memory. Because memory on an increasingly smaller scale is created and memory cells are increasingly closer together, the electric charge in the memory bits can ‘leak’ into adjacent bits.
This could, was already known, but that it also could from a web page, still had not been shown before. The vulnerability is in different models DDR3 memory available, but not in memory: memory with error correcting code does not suffer from it. Also DDR4 memory is not vulnerable. It does still only comes to PCs, but the researchers believe that research is needed to phones because they contain a variation of DDR3 memory.
Because it is a physical vulnerability, working software protected against attacks – like sandboxing and data execution prevention – no more. As a result, a web page can inject its own code in the memory and then to perform. That is a very serious vulnerability, especially as they software is not to solve. Only a bios update could still provide some relief. However, it is difficult to make a concrete attack; even though bit flipping is possible, namely, that has also once again be done in the right order.
Answer this Question
You must be Logged In to post an Answer.
Not a member yet? Sign Up Now »
Star Points Scale
Earn points for Asking and Answering Questions!