top | item 16066150

AnkhMorporkian | 8 years ago

The difference is scale. OpenSSL was on a lot of servers, but this affects literally every device manufactured in the last 9 years or so. A well-crafted virus could infect nearly any computer and exploit it reliably. We're talking billions and billions of devices, as opposed to millions by Heartbleed.

jonny_eh|8 years ago

AFAIK, this only allows read access of a host machine. How would it allow a VM to write to its host?

AnkhMorporkian|8 years ago

From my understanding, the VM can exploit it too via executing a crazy amount of syscalls. I may be misunderstanding, but if that were not the case I doubt that AWS would be forcing quick reboots of a ton of its VMs.

Edit: Wait, sorry, I misread. Read is all you really need; write would just be a cherry. If you can read the memory of the host kernel, then you can gain access to any other VMs on the system. This one is bottom-up: you need access to one system and in theory you can gain access to thousands.

jonknee|8 years ago

But you still have to get your code onto the device...