Google and ARM Tackle Android Bugs with Memory-Tagging

[silversurfer]

Buffer overflows, race conditions, use-after-free and more account for more than half of all vulnerabilities in the Android platform.
 
Aiming at improving the security of the Android ecosystem, Google has partnered up with mobile silicon-maker ARM to implement a hardware-based bug detection tool specifically for memory-safety vulnerabilities.
 
Dubbed the memory-tagging extension (MTE), the feature helps mitigate these kinds of bugs by enabling easier detection of them. MTE has two execution modes, according to a recent post from Google on the effort: Precise mode, which provides more detailed information about the memory violation; and imprecise mode, which has lower CPU overhead and is more suitable to be always-on.

Read more here: https://threatpost.com/google-arm-androi...ng/146950/