Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
JavaScript
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Hardware vulnerabilities === In 2015, a JavaScript-based proof-of-concept implementation of a [[rowhammer]] attack was described in a paper by security researchers.<ref>{{cite arXiv | eprint = 1507.06955 | title = Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript | date = July 24, 2015 | last1 = Gruss | first1 = Daniel | last2 = Maurice | first2 = Clémentine | last3 = Mangard | first3 = Stefan | class = cs.CR }}</ref><ref>{{cite news |work=Motherboard |publisher=[[Vice (magazine)|Vice]] |title=Rowhammer.js Is the Most Ingenious Hack I've Ever Seen |first=Alix |last=Jean-Pharuns |date=July 30, 2015 |url=https://www.vice.com/en/article/rowhammerjs-is-the-most-ingenious-hack-ive-ever-seen/ |access-date=January 26, 2018 |archive-date=January 27, 2018 |archive-url=https://web.archive.org/web/20180127084042/https://motherboard.vice.com/en_us/article/9akpwz/rowhammerjs-is-the-most-ingenious-hack-ive-ever-seen |url-status=live }}</ref><ref>{{cite web|website=[[Ars Technica]]|title=DRAM 'Bitflipping' exploit for attacking PCs: Just add JavaScript|first=Dan|last=Goodin|date=August 4, 2015|url=https://arstechnica.com/information-technology/2015/08/dram-bitflipping-exploit-for-attacking-pcs-just-add-javascript/|access-date=January 26, 2018|archive-date=January 27, 2018|archive-url=https://web.archive.org/web/20180127143154/https://arstechnica.com/information-technology/2015/08/dram-bitflipping-exploit-for-attacking-pcs-just-add-javascript/|url-status=live}}</ref><ref>{{cite web | url = https://www.slate.com/articles/technology/bitwise/2015/07/rowhammer_security_exploit_why_a_new_security_attack_is_truly_terrifying.html | title = Rowhammer security exploit: Why a new security attack is truly terrifying | date = July 28, 2015 | access-date = July 29, 2015 | first = David | last = Auerbach | author-link = David Auerbach | website = slate.com | archive-date = July 30, 2015 | archive-url = https://web.archive.org/web/20150730004023/https://www.slate.com/articles/technology/bitwise/2015/07/rowhammer_security_exploit_why_a_new_security_attack_is_truly_terrifying.html | url-status = live }}</ref> In 2017, a JavaScript-based attack via browser was demonstrated that could bypass [[Address space layout randomization|ASLR]]. It is called "ASLR⊕Cache" or AnC.<ref>[https://www.vusec.net/projects/anc/ AnC] {{Webarchive|url=https://web.archive.org/web/20170316055626/https://www.vusec.net/projects/anc/ |date=2017-03-16 }} VUSec, 2017</ref><ref>[https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/ New ASLR-busting JavaScript is about to make drive-by exploits much nastier] {{Webarchive|url=https://web.archive.org/web/20170316024419/https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/ |date=2017-03-16 }} Ars Technica, 2017</ref> In 2018, the paper that announced the [[Spectre (security vulnerability)|Spectre]] attacks against Speculative Execution in Intel and other processors included a JavaScript implementation.<ref>[https://spectreattack.com/spectre.pdf Spectre Attack] {{Webarchive|url=https://web.archive.org/web/20180103225843/https://spectreattack.com/spectre.pdf |date=2018-01-03 }} Spectre Attack</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)