Dedup Est Machina (published at S&P ’16) is a new cool attack showing how a JavaScript-enabled attacker can abuse memory deduplication and Rowhammer to own a Microsoft Edge browser on Windows 10 with all the defenses up. The end-to-end attack relies on no software vulnerabilities.
Microsoft addresses Dedup Est Machina on Windows 10 in CVE-2016-3272 by disabling memory deduplication by default.
Acknowledgements
This work was supported by the European Commission through project ERC-2010-StG 259108 “Rosetta” and project H2020 ICT-32-014 “SHARCS” under Grant Agreement No. 644571, and by NWO through project VICI “Dowser”. The public artifacts reflect only the authors’ view. The funding agencies are not responsible for any use that may be made of the information they contain.
Systems and Network Security Group at VU Amsterdam