(08-07-2024, 08:47 AM)PixLab Wrote: Same as rich2005, "Publishers love scary headlines", the only way to attract visitor like on YT with their clickbait thumbnails
Also when reading from the article link ➤ "This is made possible by a technique that identifies the exact moment of memory allocation. This allows attackers to anticipate memory reuse and manipulate this reuse.".
I'm no programmer, but to identify the exact moment of memory allocation you need to be already in... No?
Yes. But the idea is that you could sneak the code through an innocuous application/plugin/library, that you wouldn't worry too much about because it runs in user space. And then that code finds a way to divert code that runs in kernel/system space...
On personal computers, this isn't so much of a problem because you can have some trust on the code that comes in (unless you add some random PPA to your package sources in Linux
), but if you are on a server in the cloud, it is probably a virtual machine sharing the hardware with other machines that you don't control, and you can worry that one of these machines could take control of the hardware and spy on you or worse.