Called GLitch, the fresh exploit uses GPU to gain access access on some Android tablets and can be executed only through a malicious site. It had been in 2016 spotted a Rowhammer-based harness could trigger Android devices and leak their stored data. But that previous exploit required attackers to install a malicious program on vulnerable hardware to obtain user information.
Researchers of VUSec Lab at Vrije Universiteit Amsterdam have elaborated the GLitch exploit in a paper and asserted it takes about two minutes to assault a vulnerable Android device by pushing code by a JavaScript component available on a malicious site. The exploit especially uses regular JavaScript to undermine the device, rather than requiring any program installation or a special Web program. It basically accesses GPU through a Rowhammer-vulnerable DRAM to take over the system.Rowhammer-Based 'GLitch' Exploit Emerges That Can Attack Android Devices via Browsers

Thankfully, the scope of the GLitch exploit is not as broad as the Drammer that emerged in October 2016 to attack countless Android devices using a malicious program. The brand new exploit works only Mozilla’s Firefox browser also can impact apparatus using Snapdragon 800 and Snapdragon 801 SoCs, that has got the Adreno 330 GPU. Moreover, the researchers discovered their model successful on older devices like the Nexus 5 which was discontinued in the past.

In a statement to Ars Technica, Pietro Frigo, among the four researchers in Vrije University Amsterdam Systems and Network Security Group who authored the paper, assured that on different browsers, attackers could call for different tactics to build the exploit. “However, theoretically, you could exploit any target,” he added.

That being said, Google in an official notice to people at Ars Technica said that the distant vector in Chrome has been mitigated on March 13 and its own staff is working together with different browsers to implement similar protections. Mozilla, on the other hand, disabled the vulnerable EXT_DISJOINT_TIMER_QUERY in the March release of Firefox 59 and can be set to modify the WebGL specifications in Firefox 60 that will be released on May 9 to make it harder for attackers to undermine apparatus through any Rowhammer-based exploits. Furthermore, Some anonymous Google researchers reportedly confirmed that Android phones come with DDR chips which have mitigations to protect the hardware in the GLitch exploit and prevent pieces from reversing, which primarily gives distance to Rowhammer attackers.