Android has stepped its game up in the security department. The folks over at Ars Technica, has a report that Google’s new version of its mobile operating system, Jelly Bean Android 4.1, is the company’s safest version to date. Moreover, the platform was designed to protect users from malicious installations, thanks to the addition of an industry-standard defense.
This improvement to the operating system is made possible because Google implemented a protection known as address space layout randomization (ASLR). So, what the hell does ASLR do, you ask? Well, it randomizes the memory locations for the library, stack, heap, and most other OS data structures. In simple terms, ASLR gives hackers a harder time exploiting memory corruption bugs.
Principal research consultant for security firm Accuvant, Charlie Miller, further explained the concept behind ASLR to Ars Technica:
“As long as there’s anything that’s not randomized, then it (ASLR) doesn’t work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else.” He continued saying, “Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it’s going to be pretty difficult to write exploits for that.”
That being said, the report had to acknowledge the fact that Apple’s iOS mobile platform has featured fully implemented ASLR and DEP for the past 16 months. It also noted that iOS remains a bit more secure. This would normally be fair game for Apple fanboys to use as bragging rights, but considering how Apple just recently got its In-App feature in its App store compromised by a Russian hacker, I’ll call this one off limits.
[Ars Technica; via BGR]