[HN Gopher] Corrupting memory without memory corruption
       ___________________________________________________________________
        
       Corrupting memory without memory corruption
        
       Author : gslin
       Score  : 47 points
       Date   : 2022-07-28 17:20 UTC (1 days ago)
        
 (HTM) web link (github.blog)
 (TXT) w3m dump (github.blog)
        
       | kjander79 wrote:
       | This write up highlights a depressing fact we all know: the
       | mobile security situation is bleak, to the point of being
       | untenable.
       | 
       | I checked my own device, and despite owning it just about a year,
       | security updates have likely already stopped (although the
       | manufacturer website hasn't exactly confirmed that, just yet) and
       | even if the security updates were still coming, the gap between
       | when they are released and then reach the devices are measured in
       | months, not days, making these exploits worse than zero-days. I
       | have seen no movement in correcting these issues from any of the
       | manufacturers.
       | 
       | You too can check for yourself at
       | source.android.com/security/bulletin
        
         | armitron wrote:
         | Android is not the only mobile ecosystem around, and not every
         | ecosystem is a train wreck.
        
           | kjander79 wrote:
           | In theory I agree, but in practice...
           | 
           | The exploit given here works on any device with the given
           | driver, regardless of OS. Android is just the primary example
           | since it is the 800lb gorilla.
           | 
           | And as the article mentions, just 2 hardware stacks make up
           | nearly the whole ecosystem.
        
       ___________________________________________________________________
       (page generated 2022-07-29 23:01 UTC)