Explore a 16-minute conference talk from USENIX WOOT '24 that delves into exploiting vulnerabilities in Android's Scudo memory allocator. Learn about groundbreaking research that earned the Best Paper award, examining how Scudo replaced jemalloc as Android's default heap implementation since Android 11. Discover two novel exploitation techniques that enable attackers to manipulate Scudo into allocating memory at chosen addresses, potentially leading to arbitrary memory write capabilities. Follow along as researchers demonstrate practical applications by backporting an n-day vulnerability to Android 14 to exploit the system server. Understand the broader implications for applications using the Scudo allocator, including one technique that remains viable due to Scudo's handling of larger memory chunks, while another has been patched in newer versions.
Exploiting Android's Hardened Memory Allocator - Security Analysis and Exploitation Techniques
Overview
Syllabus
WOOT '24 - Exploiting Android’s Hardened Memory Allocator
Taught by
USENIX
Related Courses
-
Exploiting the Jemalloc Memory Allocator - Owning Firefox's Heap
-
SeaK - Rethinking the Design of a Secure Allocator for OS Kernel
-
On the Effectiveness of Control-Flow Integrity in Practice - A Systematic Overview
-
Not Quite Write: On the Effectiveness of Store-Only Bounds Checking
-
Evils in the Sparse Texture Memory - Exploiting Kernel Vulnerabilities in GPU APIs
-
Understanding Page Spray in Linux Kernel Exploitation
