ASLR, or Address Space Layout Randomization, is a computer security technique that randomly arranges the positions of key data areas, usually including the base of the executable and the positions of the libraries, heap, and stack, in a process's address space (definition from Wikipedia). Its value is that an exploit for a memory-corruption bug can no longer assume a fixed address for the code or data it wants to reuse.
According to Stefan Esser, a German security researcher and the person behind antid0te, every iOS version up to 4.2.1 ships without ASLR, which makes memory-corruption exploits easier to write, and jailbroken iPhones are even more exposed. In his presentation at POC 2010 (Power of Community conference), he mentioned that:
- iPhone / iPad / iPod do not have any address space randomization
- libraries are always mapped at the same address for performance reasons
- ASLR is considered costly by Apple
- iOS performance optimizations and the codesigning feature make ASLR tricky or impossible
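The easiest way to see what the definition above and Esser's "always mapped at the same address" point mean in practice is to probe a process for the address of each region ASLR is supposed to move and compare the result across separate runs. The following C program is an added example written for this article, not code from Esser's presentation or from Apple; it samples a function in the executable, a function in the C library, a heap chunk and a stack variable, prints them on one line, and can parse such lines back so two runs can be compared. The `RUN_A` / `RUN_B` strings are constructed sample output from a machine with ASLR enabled, not captured from a real device, and the use of `puts` as the "library" marker assumes libc is dynamically linked.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One snapshot of where the regions ASLR is meant to randomize ended up. */
struct layout {
    uintptr_t exe;    /* a function inside the executable image        */
    uintptr_t lib;    /* a function inside the C library (shared lib)  */
    uintptr_t heap;   /* a fresh malloc() allocation                   */
    uintptr_t stack;  /* a local variable of the probing function      */
};

/* A function whose address identifies the executable's own text segment. */
static int probe_marker(int x) { return x + 1; }

/* Sample the four regions from inside the running process. */
struct layout snapshot_layout(void) {
    int local = 0;
    void *chunk = malloc(64);
    struct layout l;
    l.exe   = (uintptr_t)&probe_marker;
    l.lib   = (uintptr_t)&puts;      /* assumption: libc is a shared library */
    l.heap  = (uintptr_t)chunk;
    l.stack = (uintptr_t)&local;
    free(chunk);
    return l;
}

/* Nonzero iff every region was sampled and the four lie in distinct places. */
int layout_is_sane(const struct layout *l) {
    uintptr_t v[4] = { l->exe, l->lib, l->heap, l->stack };
    for (int i = 0; i < 4; i++) {
        if (v[i] == 0) return 0;
        for (int j = i + 1; j < 4; j++)
            if (v[i] == v[j]) return 0;
    }
    return 1;
}

/* Count how many of the four regions sit at a different address in b than in a.
 * 0 means the layout is fully predictable (no ASLR); 4 means everything moved. */
int regions_moved(const struct layout *a, const struct layout *b) {
    return (a->exe != b->exe) + (a->lib != b->lib) +
           (a->heap != b->heap) + (a->stack != b->stack);
}

/* Write "0xEXE 0xLIB 0xHEAP 0xSTACK" into buf; returns 1 on success. */
int format_layout_line(const struct layout *l, char *buf, size_t n) {
    int w = snprintf(buf, n, "0x%" PRIxPTR " 0x%" PRIxPTR " 0x%" PRIxPTR " 0x%" PRIxPTR,
                     l->exe, l->lib, l->heap, l->stack);
    return w > 0 && (size_t)w < n;
}

/* Parse a line produced by format_layout_line (one run's output); returns 1 on success. */
int parse_layout_line(const char *line, struct layout *out) {
    unsigned long long v[4];
    const char *p = line;
    for (int i = 0; i < 4; i++) {
        char *end;
        errno = 0;
        v[i] = strtoull(p, &end, 16);   /* accepts the 0x prefix with base 16 */
        if (end == p || errno != 0) return 0;
        p = end;
    }
    out->exe = (uintptr_t)v[0]; out->lib = (uintptr_t)v[1];
    out->heap = (uintptr_t)v[2]; out->stack = (uintptr_t)v[3];
    return 1;
}

/* Constructed sample lines from two runs on an ASLR-enabled machine (not real captures):
 * every region moved, but the low 12 bits are unchanged because ASLR shifts whole pages. */
static const char *RUN_A = "0x55d0a1c00720 0x7f3c8a4b1e50 0x55d0a3e2b2a0 0x7ffd1c9e4a3c";
static const char *RUN_B = "0x5624ff801720 0x7f8e0c0f5e50 0x5625012c32a0 0x7ffc2d3b5a9c";

int main(void) {
    struct layout live = snapshot_layout();
    char buf[128];
    if (!format_layout_line(&live, buf, sizeof buf)) return 1;
    puts(buf);   /* run the binary several times and compare the lines */
    return 0;
}
```

Run the compiled binary a handful of times and compare the lines: on a platform like iOS 4.2.1 as Esser describes it, all four values repeat on every run, so an attacker can hard-code them; on an ASLR platform the library, heap and stack values change between runs, and the executable value changes too when the binary is built position-independent (on Linux, compile with `-fPIE -pie` and check `/proc/sys/kernel/randomize_va_space` is 2). Note that the low 12 bits never move, which is why a single leaked pointer is enough to recover a whole region's base.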
This is already changing: Apple will implement ASLR starting with iOS 4.3. While ASLR will make your iPhone safer, it also means it will be harder for jailbreakers to jailbreak future iPhones. @comex and others have already confirmed the presence of ASLR in the iOS 4.3 SDK on Twitter. Keep in mind that ASLR raises the cost of an exploit rather than fixing the underlying bugs: an attacker who can leak a single pointer, for example through a separate memory-disclosure bug, can recover the randomized base and proceed as before.
Hackers will have to get around much more complex and sophisticated protections to run third-party code in the future. @P0sixninja acknowledged that while it will make writing a new jailbreak more difficult (but also fun, in his words), it is a good move by Apple to improve the safety of the devices, even when they are jailbroken.