What is a Use After Free bug or vulnerability?
Use After Free (UAF) refers to a memory corruption bug that occurs when an application tries to use memory that is no longer assigned to it (that is, memory that has been freed), after that memory has been assigned to another application. This can cause crashes and inadvertent overwriting of data, and in cyber attack scenarios it can lead to arbitrary code execution or allow an attacker to gain remote code execution capabilities. Use after free vulnerabilities have often been associated with web browsers such as Google Chrome and Mozilla Firefox, where they have allowed multiple successful attacks over a number of years.
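The memory reuse behind this bug, as an added example that is not part of the original page: a constructed fixed-slot pool stands in for the heap so the stale access is well-defined C, and the names `pool_alloc`, `pool_free`, `raw_get` and `checked_get` are hypothetical. A handle kept after free reaches the new owner's data through the unchecked path, while a generation counter lets the checked path reject it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4

/* Constructed toy pool: fixed slots stand in for heap chunks, so the
   stale access below is well-defined C rather than a real heap UAF. */
typedef struct { uint32_t gen; int live; char data[16]; } slot_t;
typedef struct { uint32_t idx; uint32_t gen; } handle_t;

static slot_t pool[SLOTS];

/* Allocate the first free slot; the handle records the slot's generation. */
handle_t pool_alloc(const char *init) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            snprintf(pool[i].data, sizeof pool[i].data, "%s", init);
            return (handle_t){ i, pool[i].gen };
        }
    }
    return (handle_t){ SLOTS, 0 };  /* pool exhausted: invalid index */
}

/* Free bumps the generation, invalidating every outstanding handle. */
void pool_free(handle_t h) {
    if (h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen) {
        pool[h.idx].live = 0;
        pool[h.idx].gen++;
    }
}

/* Unchecked access: what a raw dangling pointer amounts to. */
char *raw_get(handle_t h) { return h.idx < SLOTS ? pool[h.idx].data : NULL; }

/* Checked access: returns NULL when the handle is stale. */
char *checked_get(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].live || pool[h.idx].gen != h.gen)
        return NULL;
    return pool[h.idx].data;
}

int main(void) {
    handle_t a = pool_alloc("session-A");
    pool_free(a);                           /* a is now dangling */
    handle_t b = pool_alloc("session-B");   /* reuses a's slot */
    printf("raw stale read: %s\n", raw_get(a));
    printf("checked stale read: %s\n", checked_get(a) ? "allowed" : "rejected");
    printf("checked live read: %s\n", checked_get(b));
    return 0;
}
```

On a real heap the stale pointer has no such check available, which is why memory-safe languages, sanitizers such as AddressSanitizer during testing, and hardened allocators are the usual defenses.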
How to Recognize This Threat: Use after free vulnerabilities are not easy to find; they are typically found and exploited by savvy individuals with a software development background or by knowledgeable attackers. Awareness of a specific vulnerability often comes from exploits that are actively in use.
How to Prevent This Threat: Error-free code is key, but most people aren't involved in that particular aspect of their software and operating systems. So on a broader scale, keeping your browser updated with the latest patches is likely your best form of protection. And of course, as in any security scenario, strong end user protection is vital to heading off exploits that haven't yet been patched. Check out options from Sophos and SonicWall.