Overview
Explore a 16-minute conference talk from USENIX WOOT '24 on exploiting vulnerabilities in Android's Scudo memory allocator. Learn about research that earned the Best Paper award, examining Scudo, which replaced jemalloc and has been Android's default heap implementation since Android 11. Discover two novel exploitation techniques that enable attackers to manipulate Scudo into allocating memory at chosen addresses, potentially leading to arbitrary memory write capabilities. Follow along as the researchers demonstrate a practical application by backporting an n-day vulnerability to Android 14 to exploit the system server. Understand the broader implications for applications that use the Scudo allocator: one technique remains viable because of how Scudo handles larger memory chunks, while the other has been patched in newer versions.
Syllabus
WOOT '24 - Exploiting Android’s Hardened Memory Allocator
Taught by
USENIX