Vulnerability inside Intel Chips Can Cause System Compromise with ASLR Disabled

Vulnerability exists inside Intel's processors which can let miscreants evade security systems while insert malware, warn security researchers. This is possible on nearly all OSs (operating systems) as well as it facilitates software exploits to be more effective. The flaw, in case not plugged, could lead to far more potent malware assaults.

A defense mechanism known as "Address Space Layout Randomization" (ASLR) is used against one type of widely prevalent assaults which sneakily plant malware through the exploitation of security flaws within an application or operating system. ASLR benefits by generally minimizing damages from such exploits on PCs to an ordinary software crash and not any dangerous computer compromise. This it does by making locations random inside computer memory the place programs implant specific codes. And it is this ASLR defense technology that is effectively bypassed due to vulnerability inside Intel chips. Consequently, exploits are created which are far more efficacious compared to their impact without the vulnerability. Arstechnica.com posted this online dated October 19, 2016.

As said above ASLR randomizes code storing locations inside hard disk's memory. The result, malware is stopped from doing its task of determining the location of data storage as there's seemingly little sense in any particular memory's contents. So when ASLR is active, inbuilt exploits' effectiveness is reduced to some application crash rather than have the whole computer hijacked.

According to the researchers, ASLR, however, is not without fault. If there is vulnerability within Intel's processors, the security technology can be evaded. And if ASLR is disabled, malware attacks become far greater potent leading to serious consequences like causing an entire computer compromise.

Therefore, the vulnerability is an illustration about requiring chip manufacturers towards considering the particular security factor while developing fresh makes. If ASLR is turned off, malware attacks could lead to compromising a victim's application alternatively acquiring hold over a total system. While Intel hasn't remarked about the findings in public, it told Ars Technica about its probe into the researchers' study. Thus, it is not certain when, if at all, the company will issue a security patch to fix the flaw.

» SPAMfighter News - 10/24/2016