BinarySynapse
[H]F Junkie
- Joined
- Feb 6, 2006
- Messages
- 15,103
Well, what is the attack vector? You need to have admin access to a machine in order to exploit it right? So, the machine is already compromised at that point.
The difficulty seems to me is VM's in which third parties maybe have been intentionally been granted administrative access to the CPU cores, and can then use them to trick them to dump the contents of their memory.
Or maybe I've misunderstood how it works?
There's been a few posts that show that Javascript can be used to implement the attack. This has nothing to do with OS defined Users and Admins, other than most OS prevent non-Admins from running processes that can access kernel memory. The vulnerability is that non privileged programs that non-Admins would be allowed to run and ordinarily aren't able to access any memory other than their own are capable of breaking out of their hardware enforced boundaries.