Details have emerged about a new side-channel attack that targets an operating system’s page cache, where sensitive data that has been accessed for use, like program binaries, libraries, and files and info sensitive in nature, is stored.
The attack is not limited by hardware architecture and it proved successful in local attempts against Windows and Linux machines, allowing bypassing of security sandboxes, running a timed user interface redressing, and the recovery of temporary passwords generated automatically.
The research team, comprised of experts from Graz University of Technology, Boston University, NetApp, CrowdStrike, and Intel, was also able, under certain conditions, to exfiltrate information to a remote attacker.
One method operating systems (OS) use to improve performance is to store data it reads from the hard disk for the first time in unused portions of the volatile memory. By storing, or caching, the data in memory, when that same data is accessed again it allows the OS to read it much quicker because volatile storage offers access speeds tens of times faster.
Although the researchers demonstrated their attack on Windows and Linux, as page caching is present on all major operating systems it should be possible to obtain the same effect on macOS.
Submitted by: Arnfried Walbrecht