Posted by: Tony Bradley
ASLR, iOS 4.3, iPad, iPhone, Safari
Apple rolled out the latest version of its mobile operating system this week–iOS 4.3–as a prelude to the launch of the iPad 2. Among a myriad of updates and new features included in iOS 4.3, Apple included a new securtiy control to help protect iOS-based mobile devices from malicious attack.
ASLR (address space layout randomization) randomize the location of core system functions to make them more difficult to locate and exploit. That is, when it works. Charlie Miller was able to bypass the ASLR protection and hack an iOS to win the iPhone portion of the Pwn2Own competition using a security hole in the iOS version of the Safari Web browser.
Miller has shared the details of the flaw with Apple, and Apple is reportedly working on an incremental update for iOS 4.3. Expect to see an iOS 4.3.1 update very soon.