JIT spraying
JIT spraying is a class of computer security exploit that circumvents the protection of address space layout randomization (ASLR) and data execution prevention (DEP) by exploiting the behavior of just-in-time compilation. It has been reported to have been used to penetrate security features in the PDF format and Adobe's Flash technology.
A just-in-time compiler by definition produces code as its data. Since it essentially produces executable data, a JIT compiler is one of the few types of programs that cannot run in an environment where data is never executable; therefore, JIT compilers are normally exempt from data execution prevention. A JIT spray has the compiler emit code that sprays memory with enough copies of the exploit payload to overwhelm address space randomization, and then executes that payload.
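The paragraph above says JIT compilers are normally exempt from DEP because they must write code they later execute. The caveat a defender wants is that the exemption need not be a blanket one: a JIT can keep its code buffer writable-or-executable but never both (the W^X discipline), so DEP still applies to the pages it emits into. The following is an added illustration, not code from the original article: a hypothetical minimal JIT that emits `mov eax, imm32; ret` on x86-64 Linux into a page mapped RW, flips it to RX with `mprotect`, and only then calls it (the function `jit_run_return_imm` and the buffer size are assumptions of this example).

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical minimal JIT illustrating W^X: the code buffer is mapped
 * read/write while instructions are emitted, then switched to read/execute
 * before it is called. It is never writable and executable at once, so
 * DEP/NX still covers it; no blanket RWX exemption is needed. */

typedef int (*jit_fn)(void);

#define JIT_BUF_LEN 4096   /* one page: mprotect works on whole pages */

/* Emits x86-64 machine code for `mov eax, imm32 ; ret` (B8 imm32 C3). */
static size_t emit_return_imm(uint8_t *buf, int32_t imm) {
    buf[0] = 0xB8;
    memcpy(buf + 1, &imm, sizeof imm);
    buf[5] = 0xC3;
    return 6;
}

/* Compiles a function that returns `imm` and runs it. Returns -1 if the
 * page cannot be mapped or re-protected, or on a non-x86-64 host. */
int jit_run_return_imm(int32_t imm) {
#if !defined(__x86_64__)
    (void)imm;
    return -1;
#else
    /* Stage 1: writable, NOT executable. Code emitted here cannot run yet. */
    uint8_t *buf = mmap(NULL, JIT_BUF_LEN, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    emit_return_imm(buf, imm);

    /* Stage 2: executable, NOT writable. A later write to this page
     * (e.g. a corrupted emission) faults instead of altering live code. */
    if (mprotect(buf, JIT_BUF_LEN, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, JIT_BUF_LEN);
        return -1;
    }

    jit_fn fn;
    memcpy(&fn, &buf, sizeof fn);   /* object pointer -> function pointer */
    int result = fn();
    munmap(buf, JIT_BUF_LEN);
    return result;
#endif
}
```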