However, nowadays there are many countermeasures against such attacks (e.g. DEP, ASLR in Windows). From what I'm reading ARM6 introduced hardware DEP (they call it the XN bit, eXecute Never)... however there's a little hope.
http://www.tomshardware.com/reviews/charli...eak,2710-2.html
QUOTE
TH: Why doesn’t the ARM XN-bit, also known as NX-bit or XD-bit, prevent overflows like this?
Charlie: Before Data Execution Prevention (DEP), buffer overflows would redirect execution of the process into user-injected code or shellcode. However, DEP forbids this, as the processor knows that the injected code is data, which is not supposed to be executed. As a way around this, exploits use what is known as return oriented programming (ROP). Here, instead of jumping to user-injected code, the exploit jumps to code from the actual process. In this case, code within MobileSafari and the libraries it needs. By reusing little bits of code from the process, the exploit is able to perform the actions necessary to do general purpose actions.
TH: So, to understand this correctly, iOS does have some form of DEP, and this prevents arbitrary injection of user code. But the way around it is to use bits and pieces of legitimate code--the equivalent of a ransom note made out of cut up newspaper letters?
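The interview above explains what DEP (the XN bit on ARM) is meant to stop and why an attacker has to fall back on reusing existing code once injected data can no longer execute. From the defender's side the first practical question is whether a given binary actually requests a non-executable stack, since the hardware bit only helps when the OS and the binary's loader flags ask for it. The script below is an added example, not code from the post or from the interview, and it targets Linux ELF binaries (iOS binaries are Mach-O, which it does not parse); it reads the PT_GNU_STACK program header that GCC/Clang emit on Linux and reports whether the stack was marked executable. The sample images are constructed inline with the `struct` module so the check runs offline; `build_elf64` and the 0xB7 (AArch64) machine value are assumptions made for the demo, not something from the page.

```python
import struct

# Program-header type and flag constants from the ELF specification.
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def gnu_stack_is_executable(data: bytes):
    """Inspect an ELF image and return True if PT_GNU_STACK carries PF_X,
    False if it is present without PF_X, or None if no PT_GNU_STACK header
    exists (older toolchains; the kernel then falls back to its own default)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:  # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        e_phoff = struct.unpack_from(endian + "Q", data, 0x20)[0]
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x36)
        flags_offset = 4  # Elf64_Phdr: p_type, then p_flags
    elif ei_class == 1:  # ELF32: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
        e_phoff = struct.unpack_from(endian + "I", data, 0x1C)[0]
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x2A)
        flags_offset = 24  # Elf32_Phdr: p_flags sits after six 4-byte fields
    else:
        raise ValueError("unknown ELF class %d" % ei_class)

    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type = struct.unpack_from(endian + "I", data, off)[0]
        if p_type == PT_GNU_STACK:
            p_flags = struct.unpack_from(endian + "I", data, off + flags_offset)[0]
            return bool(p_flags & PF_X)
    return None


def describe_stack(data: bytes) -> str:
    """Human-readable verdict for a report or a CI gate."""
    result = gnu_stack_is_executable(data)
    if result is None:
        return "no PT_GNU_STACK header: NX not requested, kernel default applies"
    if result:
        return "PT_GNU_STACK has PF_X: executable stack, DEP/NX opted out"
    return "PT_GNU_STACK without PF_X: non-executable stack, DEP/NX requested"


def build_elf64(stack_flags):
    """Constructed minimal little-endian ELF64 image for AArch64 (assumed
    e_machine 0xB7) with exactly one program header of type PT_GNU_STACK.
    Pass None to emit a header table with no entries at all."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9
    phnum = 0 if stack_flags is None else 1
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 0xB7, 1, 0,          # e_type=EXEC, e_machine, e_version, e_entry
        64, 0, 0,               # e_phoff (right after the 64-byte header), e_shoff, e_flags
        64, 56, phnum,          # e_ehsize, e_phentsize, e_phnum
        64, 0, 0,               # e_shentsize, e_shnum, e_shstrndx
    )
    if stack_flags is None:
        return ehdr
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    # Constructed samples: the hardened default, an opted-out binary, and a
    # binary from a toolchain that never emitted the header.
    for label, flags in (("hardened", PF_R | PF_W),
                         ("execstack", PF_R | PF_W | PF_X),
                         ("legacy", None)):
        print("%-10s %s" % (label, describe_stack(build_elf64(flags))))
```

On a real system the same check is what `readelf -lW <binary>` shows in the GNU_STACK line; the script is useful when you want to gate builds or scan a directory of binaries without depending on binutils. The `None` case is worth surfacing rather than treating as safe: a missing header means the binary never asked for a non-executable stack, so the outcome depends entirely on the kernel's fallback for that architecture.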