Address Space Layout Randomisation (ASLR)
The term probably doesn't ring a bell, but it's the principle all modern CPUs use to streamline performance, and it's even considered a security feature. It's actually a hardware feature; basically, the CPU contains a cache memory that holds the memory page table, and the random attribution of memory blocks to processes is stored there.
Now imagine that there is a system that allows a very simple unsuspected script to "ping" that hardware cache and thus, by pinging different regions one by one at random, can derandomize and reverse engineer the memory allocation table and its usage by applications. That means that the memory space occupied by running applications, even system applications that are protected by the strongest software protection mechanisms like role-based access control systems, can be profiled, and this information can then be used to gain privileges or to take control over processes or to steal data, etc.
Well, this script is called AnC, short for "ASLR and Cache", and is basically a very simple JavaScript-based attack developed by the VUSec group of the Vrije Universiteit Amsterdam in the Netherlands.
It basically means that - whatever operating system and security measures you're rocking - you're a sitting duck as long as you allow JavaScript on your machine, at least as long as you allow JavaScript execution that is not your own.
This means that every ad, every webpage with JavaScript, every app or even GUI front, even that web-based control page of your router or your RGB lighting, is a direct and highly dangerous attack vector.
The only thing you can do is avoid all JavaScript execution ever.
And the coolest thing is: there is absolutely nothing that can be done against it, because every single modern CPU has this exact vulnerability. It's a hardware vulnerability even many times worse than the two main Intel hardware vulnerabilities (cross-core bleed and NSA-style RNGs) that have already caused so many problems, and that won't ever be fixed by Intel because of the powers that be and greed and other things.
So this either instantly kills JavaScript entirely overnight, or it causes the short term end of the world as we know it.
The full information and demonstration can be found on the VUSec site at: https://www.vusec.net/projects/anc/
My recommendation: immediately activate NoScript or similar in all browsers, stop using Android, block all ads, and wait for the development of the next generation of CPUs that have a hardware fix, which shouldn't take more than five years or so lol...
Thoughts?