Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting Android's Hardened Memory Allocator - Security Analysis and Exploitation Techniques

USENIX via YouTube

Overview

Explore a 16-minute conference talk from USENIX WOOT '24 that delves into exploiting vulnerabilities in Android's Scudo memory allocator. Learn about groundbreaking research that earned the Best Paper award, examining how Scudo replaced jemalloc as Android's default heap implementation since Android 11. Discover two novel exploitation techniques that enable attackers to manipulate Scudo into allocating memory at chosen addresses, potentially leading to arbitrary memory write capabilities. Follow along as researchers demonstrate practical applications by backporting an n-day vulnerability to Android 14 to exploit the system server. Understand the broader implications for applications using the Scudo allocator, including one technique that remains viable due to Scudo's handling of larger memory chunks, while another has been patched in newer versions.

Syllabus

WOOT '24 - Exploiting Android’s Hardened Memory Allocator

Taught by

USENIX

Reviews

Start your review of Exploiting Android's Hardened Memory Allocator - Security Analysis and Exploitation Techniques

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.