Google turns to Rust to remedy Android vulnerabilities

Google has greenlighted the use of the Rust programming language in Android’s low-level system code in order to curb the growing number of memory-based security vulnerabilities in the mobile operating system.

In a post on the Google Security blog, members of the Android development team list their efforts to detect, fix, and mitigate memory safety bugs. Despite these efforts, such vulnerabilities make up about 70% of Android’s high-severity security vulnerabilities.

“Memory-safe languages are the most cost-effective means for preventing memory bugs. In addition to memory-safe languages like Kotlin and Java, we’re excited to announce that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself,” wrote Jeff Vander Stoep and Stephen Hines, from the Android Team. 

Memory management

The memory safety guarantees of Rust make it particularly useful for low-level systems programming. It is for this very reason that support for Rust has even been included in the bleeding edge branch of the Linux kernel.

Android developers work with Java, and compatible languages like Kotlin, to write the high-level parts of the OS such as the user interface, while the low-level aspects such as the kernel and drivers are best written in C and C++.

However, these languages leave several crucial aspects, such as memory management, to the developer. This is one of the charms of the languages and developers welcome the flexibility. But when memory management is improperly implemented it results in security issues, such as buffer overflows and overreads, leading to Android’s current predicament.
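To make the overread case concrete, here is an added example (not code from Google, AOSP or the original article) of a parser for a constructed length-prefixed record in which the sender controls the declared length. The record format, function names and sample bytes are assumptions made for illustration; the point is that safe Rust bounds-checks every slice, so a lying length yields an error or a panic and never bytes from adjacent memory.

```rust
// Constructed record format: [type: u8][declared_len: u16 big-endian][payload].
// The declared length comes from the sender, the classic setup for an overread in C.

#[derive(Debug, PartialEq)]
enum ParseError {
    TruncatedHeader,
    // Declared payload length exceeds the bytes actually received.
    LengthExceedsBuffer { declared: usize, available: usize },
}

const HEADER_LEN: usize = 3;

/// Returns the payload as a borrowed slice, or an error if the declared
/// length does not fit in the received bytes.
fn read_payload(buf: &[u8]) -> Result<&[u8], ParseError> {
    let header = buf.get(..HEADER_LEN).ok_or(ParseError::TruncatedHeader)?;
    let declared = u16::from_be_bytes([header[1], header[2]]) as usize;
    let available = buf.len() - HEADER_LEN;
    // `get` performs the bounds check and returns None instead of reading
    // past the end of the allocation.
    buf.get(HEADER_LEN..HEADER_LEN + declared)
        .ok_or(ParseError::LengthExceedsBuffer { declared, available })
}

/// If the developer forgets the check and indexes directly, safe Rust still
/// bounds-checks: the out-of-range slice panics rather than exposing memory.
fn direct_index_panics(buf: &[u8], declared: usize) -> bool {
    let owned = buf.to_vec();
    std::panic::catch_unwind(move || {
        let _ = &owned[HEADER_LEN..HEADER_LEN + declared];
    })
    .is_err()
}

fn main() {
    // Constructed inputs: one honest record, one that claims 65535 payload bytes.
    let honest = [0x01, 0x00, 0x04, b'p', b'i', b'n', b'g'];
    let lying = [0x01, 0xFF, 0xFF, b'p', b'i', b'n', b'g'];
    println!("{:?}", read_payload(&honest));
    println!("{:?}", read_payload(&lying));
    println!("direct index panicked: {}", direct_index_panics(&lying, 65535));
}
```

The equivalent C code that copies `declared_len` bytes without comparing it to the received size would compile cleanly and read whatever follows the buffer.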

The Google developers note in the blog that they’ve been working behind the scenes on adding support for Rust in Android for the past 18 months, and promise to showcase some of the presumably internal early adopter projects in the coming months.

Via: The Register

Date

08 Apr 2021

