The latest release of Google's operating system, Android Jelly Bean, finally indeed enriched in the defense industry standards. Security is designed to protect users against hacker attacks that install malware into devices.
In an analysis published Monday, a security researcher Jon Oberheide said that the Android version 4.1, aka Jelly Bean is the first version of the OS developed by Google to be able to apply the protection to the address layout randomization.
Address Space Layout Randomization, which is usually called ASLR, randomizes the scanned library memory locations, stack, heap, and other data structures.
As a result, hackers are exploiting the memory bug can not know the location of which will be infiltrated by malicious code. When combined with a separate defense or data execution prevention, ASLR can more effectively neutralize the attack.
Unlike its predecessor, Jelly Bean provides a randomization to something known as position-independent executables. That would make it much more difficult for a hacker broke through the system. Jelly Bean also provides a defense to prevent the exploitation of information leaks that could potentially lead to further exploitation of the OS.
With open-source platform, it will be a lot of the hackers who can see the codes, different from the IOS that is closed-source. Android has not introduced a code signing, a protection designed to prevent unauthorized applications running on the OS. While the IOS has long been used this way to minimize the malicious program can be installed on the OS.
In an analysis published Monday, a security researcher Jon Oberheide said that the Android version 4.1, aka Jelly Bean is the first version of the OS developed by Google to be able to apply the protection to the address layout randomization.
As a result, hackers are exploiting the memory bug can not know the location of which will be infiltrated by malicious code. When combined with a separate defense or data execution prevention, ASLR can more effectively neutralize the attack.
Unlike its predecessor, Jelly Bean provides a randomization to something known as position-independent executables. That would make it much more difficult for a hacker broke through the system. Jelly Bean also provides a defense to prevent the exploitation of information leaks that could potentially lead to further exploitation of the OS.
With open-source platform, it will be a lot of the hackers who can see the codes, different from the IOS that is closed-source. Android has not introduced a code signing, a protection designed to prevent unauthorized applications running on the OS. While the IOS has long been used this way to minimize the malicious program can be installed on the OS.
0 comments:
Post a Comment