Select Page

Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities.

In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code in a way that directs control flow of their choice, resulting in a malicious action.

Since Android has a lot of mitigation to prevent direct code injection into its kernel, this code reuse method is particularly popular among hackers to gain code execution with the kernel because of the huge number of function pointers it uses.

In an attempt to prevent this attack, Google has now added support for LLVM’s Control Flow Integrity (CFI) to Android’s kernel as a measure for detecting unusual behaviours of attackers trying to interfere or modify the control flow of a program.

images from Hacker News