iOS Gets Native ASLR

Apple has released iOS 4.3 addressing a high number of security flaws but also implementing Address Space Layout Randomization (ASLR), a technology that makes vulnerability exploitation harder.

The update fixes sixty vulnerabilities located in different components of the mobile operating system, including the WebKit layout engine.

Several security issues were identified in the FreeType font library and were solved by updating it to version 2.4.3.

Two arbitrary code execution flaws dealing with TIFF image parsing were fixed in the ImageIO component.

The release also patches a code execution vulnerability in libxml, an IPv6 information leak, a MobileSafari crash loop and a Wi-Fi denial of service issue.

The rest of the bugs are located in WebKit, and aside from three flaws, they all consist of memory errors that can result in remote code execution when visiting maliciously crafted websites.

Most of them have been reported by people associated with the Chromium project, which also uses the open source layout engine.

The last three vulnerabilities concern an authentication credentials leak, cross-site style declarations and a denial of resources condition.

From a security perspective iOS 4.3's most important feature is the implementation of ASLR, a technique that randomizes memory addresses used to store key data.

This makes it difficult to exploit memory-related security vulnerabilities like buffer overflows, because the attacker can't predict the addresses where the payload will be written.

ASLR makes attacks significantly harder to pull off, but does not render them impossible, as there are techniques to bypass this security mechanism.

Since in practice there are few to no attacks targeting iOS at the moment, the biggest impact of this technology will be on jailbreaks.

Jailbreaking is usually achieved by exploiting vulnerabilities to execute unauthorized code, something which ASLR is designed to prevent.