Jelly Bean difficult to exploit


Charlie Miller, a veteran smartphone hacker and principal research consultant at security firm Accuvant has said that it will be difficult to write exploits for Jelly Bean as it is the first version of Android to include full ASLR and DEP.

ASLR randomizes data structure memory locations, and as a result hackers are unable to know in advance where their malicious payloads will be loaded. Ice Cream Sandwich did offer partial ASLR, but key memory regions were loaded at the same location each time. This allows hackers to predict where in memory their malicious code can be located.

DEP prevents executing code from a non-executable memory region, so when combined with ASLR our Android devices are becoming more secure than ever.

Source ars technica Via LandOfDroid