> E.g. a malicious app mallocs a large buffer and just reads the memory looking for anything interesting?
No, the OS zeros pages before giving them to a new process, otherwise you'd have all kinds of information leaks across security boundaries.
You only see dirty memory within the same process when you malloc and then free and malloc again and get a page from the free list within the process. Increasingly allocators are zeroing those too though to reduce the attack surface from malicious inputs (which is what changed in iOS).
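An added example (my own, not from the thread) that shows both halves of the comment on Linux/glibc: anonymous pages fresh from the kernel come back zeroed, while a buffer freed and reallocated inside one process can still hold what was written to it unless the program (or the allocator) clears it first. The secret string is a constructed sample; `wipe_and_free` is a hypothetical helper standing in for `explicit_bzero`.

```c
#define _DEFAULT_SOURCE 1      /* for MAP_ANONYMOUS under strict -std flags */
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Sample secret, constructed for this example. */
#define MARKER "CONSTRUCTED-SECRET-TOKEN"
#define BUF_SZ 256

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * "dead" stores, then free it. explicit_bzero() does the same where available. */
static void wipe_and_free(void *p, size_t n) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < n; i++) v[i] = 0;
    free(p);
}

static int contains_marker(const unsigned char *buf, size_t n) {
    size_t m = sizeof MARKER - 1;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, MARKER, m) == 0) return 1;
    return 0;
}

/* Cross-process boundary: anonymous pages fresh from the kernel are zero-filled.
 * Returns 1 if every byte is zero, -1 if the mapping failed. */
int fresh_pages_are_zero(void) {
    size_t n = 1u << 20;  /* 1 MiB */
    unsigned char *p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int zero = 1;
    for (size_t i = 0; i < n; i++) if (p[i]) { zero = 0; break; }
    munmap(p, n);
    return zero;
}

/* Same-process reuse: write the secret, free the buffer, malloc the same size, and
 * check whether the secret is readable through the new allocation (1 = visible,
 * 0 = gone, -1 = allocation failure). With wipe == 0 the answer depends on the
 * allocator (glibc usually hands back the same chunk); with wipe == 1 it is gone. */
int reuse_reveals_marker(int wipe) {
    unsigned char *a = malloc(BUF_SZ);
    if (!a) return -1;
    memcpy(a + 64, MARKER, sizeof MARKER);  /* past any allocator header bytes */
    if (wipe) wipe_and_free(a, BUF_SZ); else free(a);
    unsigned char *b = malloc(BUF_SZ);  /* recycled from the free list, not re-zeroed */
    if (!b) return -1;
    int found = contains_marker(b, BUF_SZ);
    free(b);
    return found;
}
```

Call `reuse_reveals_marker(0)` to see what your allocator does with an unwiped buffer; the wiped case is what a process should rely on, since allocator zeroing is a platform choice.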