Android 4.0 gets ASLR to improve security
Google have added ASLR (address space layout randomisation) to Android 4.0, code-named Ice Cream Sandwich, in an attempt to make the mobile device operating system more resistant to attackers. ASLR's addition is mentioned in Google's Android 4.0 Platform Highlights document.
Often, exploits use the fact that a particular function or library resides at a particular memory location to call that function when manipulating heaps or exploiting other memory errors. ASLR works by ensuring that system and application code does not appear in the same place every time it is loaded. Apple's iOS has had ASLR support since iOS 4.3; that protection was overcome in July by Comex's iPhone jailbreak.
Google says that it has also improved the management of user credentials in Android 4.0 with a new keychain API which works with encrypted storage and lets applications use it to store and retrieve private keys and certificates.
- Android 4.0: New design, new features, a feature from The H.
- Return of the sprayer - exploits to beat DEP and ASLR, a feature from The H.