Follow

So, now that someone has found a better version of SPECTRE and Meltdown that you can execute from Javascript, what are we going to do? Source: arxiv.org/pdf/1903.00446.pdf

To be clear, not only execute from javascript, but execute in a timely manner (46s to discover addresses + a targeted rowhammer attack). This is going to be a real problem.

Also worth noting EECploit means rowhammer works even on machines with ECC memory as well. If it has a non-Core series Intel CPU, it's basically vulnerable. This is going to be a real doozy.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.