sam1275tom :
So will it still have system-wide effect as today's browsers are not running as administrator or root?
Also, didn't NX-bit protect this?
This "exploit" has nothing directly to do with root or NX bit. However, they're related.
Basically, address randomization is a technique to prevent people from using buffer overflows and other tricks, in order to modify program memory. When you use a buffer overflow exploit, it's with a goal in mind. The objective is to write some specific block of data in a specific location, in order to take control of the program. So, you need to know the relative location of the target memory block. Address randomization obscures this, breaking most of these exploits. What they showed is how an array of tricks can be used to determine the memory map, which you can then use to re-enable other exploits involving buffer overflows, etc.
Now, NX bit and access privileges are both additional layers of protection. NX bit shuts down most code modification exploits, but not in all cases. Not running your browser as admin/root limits the extent to which it can compromise the rest of the system (unless combined with a privilege escalation exploit).
Security is all about layers of protection. Basically, you just want to be difficult enough to hack that it's not worthwhile. Perfect security is an illusion.
Facebook
Twitter
Instagram