You (wrongly) thought I was talking about targetSdkVersion (which often doesn't match compileSdkVersion on new releases because. Whoops, you confused compileSdkVersion, targetSdkVersion, and minimumSdkVersion (I even mention targetSdkVersion separately as "compiled against")

> Android Studio defaults to targeting the latest API level

I'm something of a career Android guy so I can do better than point out how you're wrong, I can explain how you're wrong too :)

And therefore obviously not changing with an OS update Which is a static library bundled into the APK. are not in the platform, they're in jetpack. Things like RecyclerView, MotionLayout, ConstraintLayout, CardView, etc. Old apps that don't get updated will still be depending on Theme.Holo which is still there, still unchanging.

And most apps are primarily not using platform widgets anyway, they're using Jetpack instead. The platform widgets are governed by the theme which almost never changes.

> So even design language changes can (and often do) break the UI.

Meaning compile SDK & target API aren't changing. We're talking about backwards compatibility for apps that don't update. And compiled SDK version is yet something else.

And the rest of your rant is about developers updating their app needing to track changes. You're regularly confusing target API with min API. Android Studio defaults to targeting the latest API level, and Play Store even refuses to let you upload an APK targeting something more than a couple APIs old. When the apps can't rely on any newer features, it creates the illusion of backwards compatibility. just imagine if all your iOS apps had to target iOS 11 as a minimum feature set, and XCode defaulted to supporting iOS 8 for all new projects Nearly a third of Android devices are on a version of Android >5 years old. The situation is so bad that Google removed it from their dashboard ( ) and buried it in the IDE.
What you're probably seeing is what developers are forced to work around: the fact that everyone is stuck targeting ancient versions of Android because Android users have just accepted their devices never getting OS upgrades.

Android Studio will still default to targeting a minimum SDK version of API 25.

So even design language changes can (and often do) break the UI. It's a bit of a weirder exploit path but honestly with how ridiculous UAF flows have gotten with modern mitigations on iOS, it's hardly the worst thing I've ever seen and I suspect someone will get decent mileage out of it

Android's backwards compatibility is atrocious with a capital A.

Every version has random will-be-breaking changes that get held off if your app was compiled before said version came out, but there's only a release or two before the change starts to ignore your compiled version (for example, when a massive permissions change comes down the pipe, any app that's compiled against the newest SDK breaks immediately, and apps that were compiled against older ones just get to break next release)

And just like any mobile platform, apps heavily rely on the OS to provide UI widgets and layout. Now when a new object is allocated there, we end up using the corrupted data and invoking the evil pointer, and the rest is history. Now, as you mention, if calloc didn't zero, an attacker could scribble over what they think will be the next allocated slot in the heap (either by targeting a partially used page or an entirely unused page that's just being kept in malloc's retainer) and write a value into the callback pointer field. In a single threaded application, you would not be able to target the function pointer here because nothing interesting happens between calloc and the invocation since the if check will always fail due to it being zero'd from calloc.
It's contrived for simplicity, but suppose obj had a function pointer in it and just after allocation the object is passed to another routine which does some work on the object and checks if the callback exists and calls it if it does.

Yeah, more or less! This closes some paths and opens brand new ones, like more of the former and less of the latter.