Google’s Android new version, Jelly Bean is hard to exploit, a serial hacker exposed this to ArsTechnica.Users using Jelly bean are more protected to hacker attacks which install malware on devices. Security researcher Jon Oberheide said [quote]Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization.[/quote]
Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible but in Jelly Bean most binaries are now compiled/linked with the PIE flag to properly randomize executable mapping when executed. here are some improvements in Jelly bean which streghthen its security prior to old version of Android:
Android is getting near Apple’s defense against these hacks, and Jelly Bean is a major step towards security defense.
Via: ArsTechnica