Unexpected Security Weakness Found in Android
For many security techniques, data is protected not because it is impossible to access, but because it is very, very difficult to access. At least that is what people believe until someone finds a quick way to get the information. Researchers at the Georgia Institute of Technology have done just that by identifying a method to access memory address information that many expect to be protected.
The researchers are also going to demonstrate weaknesses in the Android Zygote system, which is meant to accelerate application launches. It has the side effect of giving applications largely identical memory layouts, so the effort required to defeat address space layout randomization (ASLR) when attacking these apps is greatly reduced. This issue will be demonstrated in Google Chrome and VLC Media Player at Black Hat as well.
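
As an added illustration (not code from the researchers or from Android), the C program below shows the underlying effect on a POSIX system: children created with fork() and no exec inherit the parent's already-randomized layout, so they all report the same library, heap and stack addresses. It assumes, as background not stated in the article, that Zygote spawns apps this way; the name `distinct_layouts` is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Addresses a process observes in three regions that ASLR randomizes. */
struct layout {
    uintptr_t lib_fn;  /* function inside a shared library (libc) */
    uintptr_t heap;    /* fresh heap allocation */
    uintptr_t stack;   /* local variable on the stack */
};

/* Fork n children without exec (assumed stand-in for Zygote-style spawning)
 * and return how many distinct layouts they report, or -1 on error. */
int distinct_layouts(int n)
{
    int fds[2], distinct = 0;
    struct layout seen[16], cur;
    if (n < 1 || n > 16 || pipe(fds) != 0) return -1;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) {            /* child: no exec, so no re-randomization */
            int local = 0;
            cur.lib_fn = (uintptr_t)&getpid;
            cur.heap = (uintptr_t)malloc(64);
            cur.stack = (uintptr_t)&local;
            _exit(write(fds[1], &cur, sizeof cur) == (ssize_t)sizeof cur ? 0 : 1);
        }
    }
    close(fds[1]);
    for (int i = 0; i < n; i++) {  /* collect reports and de-duplicate them */
        if (read(fds[0], &cur, sizeof cur) != (ssize_t)sizeof cur) return -1;
        int k = 0;
        while (k < distinct && memcmp(&seen[k], &cur, sizeof cur) != 0) k++;
        if (k == distinct) seen[distinct++] = cur;
    }
    close(fds[0]);
    while (wait(NULL) > 0) {}      /* reap all children */
    return distinct;
}

int main(void)
{
    printf("distinct layouts among 8 forked children: %d\n", distinct_layouts(8));
    return 0;
}
```

A result of 1 means an address learned in one forked process is valid in its siblings, which is why a fork-only spawner should be treated as sharing a single ASLR secret across everything it launches.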