iOS devices are hardened with DEP (Data Execution Prevention) and application sandboxing to help prevent malicious code from touching running processes, but these protections are usually found in combination with ASLR (Address Space Layout Randomization), which makes it difficult for attackers to find where a process's code and data sit in memory in the first place. ASLR isn't currently implemented on iOS devices, but a German hacker has developed a new Jailbreaking method which may provide Jailbreakers with some additional peace of mind.
The Register reports that security consultant Stefan Esser of SektionEins will unveil the technique in Seoul, South Korea, during the Power of Community security conference on December 14. Several exploits at last year's Pwn2Own hacker contest were made possible by the lack of ASLR: because addresses aren't randomized, the same exploit can be used across iPhones.
While Jailbreaking itself doesn't do security any favors, since it disables the aforementioned DEP and application sandboxing, Esser's implementation of ASLR should provide additional protection against malicious payloads executing on iOS devices. By reordering a file called dyld_shared_cache (which contains the shared library code that applications call upon for various functions), Esser promises that his implementation is stronger than what Apple provides in Snow Leopard. He also notes he'll release a tool called antid0te that should simplify the install process for casual Jailbreakers.
[via The Register]