Heap Exploitation

Heap exploitation is a form of attack that takes advantage of a weakness in the way software handles memory on the heap. The heap is a portion of memory used by 32-bit ARM systems to store dynamically allocated variables. Attackers can use heap-based buffer overflows, a form of vulnerability in which a program writes more data to a heap-based buffer than the buffer was allocated to contain, to execute arbitrary code or bring down the program.
To exploit a heap-based buffer overflow, attackers often need to locate a weakness in the program's heap management and then create a specific input that takes advantage of that weakness. Once the flaw has been exploited, the attacker can run any code they want or bring the application to a halt.

Heap-based buffer overflows can be exploited using a variety of methods, such as changing the number of allocated blocks, tampering with the data structures that control the heap, and injecting malicious code directly into the heap. To avoid heap-based buffer overflows and safeguard against heap exploitation, it is crucial for developers to validate input thoroughly and allocate memory on the heap properly.
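The following C sketch is an added example, not code from the original article. It shows input verification and correct heap allocation side by side with the weak pattern. The message format (a one-byte length prefix followed by the payload), the function names and the `MAX_PAYLOAD` limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 64u /* assumed policy limit for this example */

/* Weak form, shown for contrast and never called here: a fixed 16-byte heap
 * buffer receives as many bytes as the message claims to carry. A declared
 * length above 16 writes past the allocation into neighbouring heap memory. */
uint8_t *copy_payload_unchecked(const uint8_t *msg) {
    uint8_t *buf = malloc(16);
    if (buf == NULL) return NULL;
    memcpy(buf, msg + 1, msg[0]); /* msg[0] is untrusted and unchecked */
    return buf;
}

/* Hardened form: check the declared length against a policy limit and the
 * bytes actually received, then size the allocation from the checked value.
 * Returns NULL for any rejected input. */
uint8_t *copy_payload_checked(const uint8_t *msg, size_t msg_len,
                              size_t *out_len) {
    if (msg == NULL || out_len == NULL || msg_len < 1) return NULL;
    size_t declared = msg[0];
    if (declared > MAX_PAYLOAD) return NULL;        /* over the policy limit */
    if (declared > msg_len - 1) return NULL;        /* claims more than sent */
    uint8_t *buf = malloc(declared ? declared : 1); /* never request 0 bytes */
    if (buf == NULL) return NULL;
    memcpy(buf, msg + 1, declared);
    *out_len = declared;
    return buf;
}

int main(void) {
    /* Constructed sample messages: [length byte][payload...] */
    const uint8_t ok[]  = {3, 'a', 'b', 'c'};
    const uint8_t lie[] = {200, 'a', 'b'};
    size_t n = 0;
    uint8_t *p = copy_payload_checked(ok, sizeof ok, &n);
    printf("valid message: %s (%zu bytes)\n", p ? "accepted" : "rejected", n);
    free(p);
    p = copy_payload_checked(lie, sizeof lie, &n);
    printf("oversized claim: %s\n", p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```

The checked function rejects a message before any allocation or copy takes place, so a bad length never reaches `memcpy`.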