Address Space Layout Randomization (ASLR) not enforced

Description

Address Space Layout Randomization (ASLR) is a memory protection that randomizes the layout of a process's address space to mitigate memory exploitation techniques.

Recommendation

Address Space Layout Randomization (ASLR) is enabled by default in Xcode. To re-enable it manually:

  1. Open Xcode

  2. Open your application project and navigate to the project settings.

  3. In the project settings, locate and click on the "Build Settings" tab. This tab contains various options related to building your project.

  4. Search for ASLR: In the search bar within the Build Settings tab, type "ASLR" to quickly locate relevant settings.

  5. Enable the ASLR option.

  6. Save Changes.

  7. Build your project to apply the settings.
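
To confirm the result after the build, check the main executable's Mach-O header for the `MH_PIE` flag, which tells the OS to load the executable at a random address. The script below is an added example, not part of the original page: the constants come from Apple's `mach-o/loader.h` and `mach-o/fat.h`, while the function names and sample headers are constructed for illustration.

```python
import struct
import sys

# Constants from Apple's <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE
MH_EXECUTE = 0x2
MH_PIE = 0x200000


def slice_has_pie(data, offset=0):
    """Return True/False for an MH_EXECUTE slice, None for other file types."""
    if len(data) < offset + 28:
        raise ValueError("truncated Mach-O header")
    for endian in "<>":  # accept either byte order
        if struct.unpack_from(endian + "I", data, offset)[0] in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a Mach-O header")
    # mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    _, _, _, filetype, _, _, flags = struct.unpack_from(endian + "7I", data, offset)
    if filetype != MH_EXECUTE:
        return None  # MH_PIE is only used in main executables
    return bool(flags & MH_PIE)


def check_pie(data):
    """Return one result per architecture slice (a thin file gives one entry)."""
    if len(data) >= 8 and struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # fat_arch: cputype, cpusubtype, offset, size, align (big-endian, 20 bytes)
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
        return [slice_has_pie(data, off) for off in offsets]
    return [slice_has_pie(data)]


def sample_header(flags, filetype=MH_EXECUTE):
    # Constructed sample: a bare arm64 mach_header_64 with no load commands.
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, filetype, 0, 0, flags, 0)


SAMPLE_PIE = sample_header(0x200085)     # constructed: flags include MH_PIE
SAMPLE_NO_PIE = sample_header(0x000085)  # constructed: same flags without MH_PIE

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_pie(f.read()))
```

Run it against the executable inside the built `.app` bundle; a `False` entry means that architecture slice was linked without PIE.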

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_9
  • OWASP_MASVS_L2:
    • MSTG_CODE_9
  • GDPR:
    • ART_5
    • ART_32
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_6_2
  • OWASP_MASVS_v2_1:
    • MASVS_RESILIENCE_3