Ars Technica

New ASLR-busting JavaScript is about to make drive-by exploits much nastier

For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer ...
ZDNet

New BlindSide attack uses speculative execution to bypass ASLR

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read now Academics have developed a new technique ...
Hackaday

ASLR^CACHE

Researchers from VUSec found a way to break ASLR via an MMU sidechannel attack that even works in JavaScript. Does this matter? Yes, it matters. A lot. The discovery of this security flaw along with ...
Redmond Magazine

Microsoft Explains That Windows ASLR Flaw Is Really a Feature

Microsoft provided an explanation this month for an apparent security flaw in Address Space Layout Randomization (ASLR), a Windows protection scheme. The alleged flaw was described in a vulnerability ...
Semiconductor Engineering

SW-HW Co-Design Mitigation To Strengthen ASLR Against Microarchitectural Attacks (MIT)

“Address Space Layout Randomization (ASLR) is one of the most prominently deployed mitigations against memory corruption attacks. ASLR randomly shuffles program virtual addresses to prevent attackers ...
Ars Technica

OEMs do their part to support ASLR in Vista

Earlier this week, Ars discussed a few of the new security features found in Windows Vista. One feature mentioned, Address Space Layout Randomization (ASLR), has been getting some extra press this ...
Hackaday

ASLR^CACHE Attack Defeats Address Space Layout Randomization

Researchers from VUSec found a way to break ASLR via an MMU sidechannel attack that even works in JavaScript. Does this matter? Yes, it matters. A lot. The discovery of this security flaw along with ...
MCPmag

Microsoft: That Windows ASLR Flaw Is Actually a Feature

Microsoft is rationalizing that an apparent security flaw in the ASLR Windows protection scheme was placed there on purpose. The alleged flaw was described in a vulnerability note published this month ...
Bleeping Computer

CISA warns of Samsung ASLR bypass flaw exploited in attacks

CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization (ASLR) protection. ASLR is an Android security feature that ...
Bleeping Computer

JavaScript Attack Breaks ASLR on 22 CPU Micro-Architectures

Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 processor ...
ZDNet

Opera plugs security holes; adds ASLR, DEP support

Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting ...