Latest Android will be "pretty hard" to exploit


1 min read
Latest Android will be "pretty hard" to exploit

Latest Android will be "pretty hard" to exploit

Jelly Bean Hack reports

The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets.

Android 4.1 Jelly Bean includes several new exploit mitigations and a more extensive implementation of ASLR to help defeat many kinds of exploits.

ASLR
is an exploit mitigation method that randomizes the positions of key data areas such as libraries, heap, stack, and the base of the executable, in a process's address space, and that makes it near impossible for malware authors and hackers to predict where their malicious payloads will be loaded.

"As we mentioned in our previous post on Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible using the whole executable as a source of gadgets. In Jelly Bean, most binaries are now compiled/linked with the PIE flag, which means they will be properly randomized when executed," Jon Oberheide of Duo Security.

That will make it significantly harder to use a technique known as return-oriented programming when exploiting buffer overflows and other memory-corruption vulnerabilities discovered in the mobile platform. Jelly Bean also provides defenses to prevent information leakage exploits that can lead to much more serious OS exploits.

Follow us on Telegram and Twitter for all such latest cybersecurity news and updates.


Hacker exploits iOS flaw for free app purchase
Previous article

Hacker exploits iOS flaw for free app purchase

Hacker exploits iOS flaw for free in-app purchases A hack that lets iOS users trick the App Store into giving them in-app purchases for free

Next article

Download Zemra Botnet DDOS attack

Download Zemra Botnet DDOS attack The Zemra DDoS Bot is currently sold in various forums for about 100 € and detected by Symantec asBackdoor.Zemra. Zemra


GO TOP

🎉 You've successfully subscribed to Hack Reports!
OK