Researchers from Graz University of Technology, CrowdStrike, NetApp, and NetApp were able to send data over a covert communication channel between an unprivileged, malicious process and a remote process acting as a web server. The attack is not limited by hardware architecture and it proved successful in local attempts against Windows and Linux machines, allowing bypassing of security sandboxes, running a timed user interface redressing, and the recovery of temporary passwords generated automatically. The researchers say their attack is “much more efficient”” on Linux
Source: