Four researchers from the Vrije University in the Netherlands have put together a successful attack on Windows 10 that uses a combination of a Rowhammer attack and a newly discovered memory deduplication vector that can give attackers control of the OS, even if the browser and the OS are up to date and running various security hardening mitigations.
Their research centers around the memory deduplication process, a method through which some operating systems free memory by finding duplicate entries.
Attacks on memory deduplication were already known from prior studies by other researchers, who devised side-channel attacks that can leak information about the contents of the OS memory.
Edge exploit is actually a combination of older attacks
The Dutch researchers combined one of these previous memory deduplication side-channel attacks with Rowhammer, a vulnerability in DDR3 and DDR4 memory cards, found at the electrical and hardware level.
Researchers discovered that, by blasting read-write operations at a row of memory bits, they could alter its electrical field and thereby modify nearby bits and their data. Later, researchers managed to weaponize Rowhammer attacks using JavaScript and deliver attacks via Internet pages.