Explore a groundbreaking security presentation that delves into a novel attack surface in Safari, focusing on vulnerabilities in system libraries like audio, video, and font. Learn how researchers have discovered a way to exploit a single Web Audio vulnerability to gain control over Safari, bypassing traditional security measures. Understand the challenges posed by Safari's built-in heap isolation mechanism and how it affects the exploitation of out-of-bounds writing vulnerabilities in system modules. Gain insights into the innovative techniques used to overcome these obstacles and the potential implications for web browser security. Presented by JunDong Xie at Black Hat Asia, this 27-minute talk offers a deep dive into cutting-edge browser exploitation research that could reshape our understanding of Safari's attack surface.
New Attack Surface in Safari - Using Just One Web Audio Vulnerability to Rule Safari
Overview
Syllabus
New Attack Surface in Safari: Using Just One Web Audio Vulnerability to Rule Safari
Taught by
Black Hat
Related Courses
-
Understanding the Attack Surface and Attack Resilience of Project Spartan's New EdgeHTML Rendering Engine
-
ProxyLogon is Just the Tip of the Iceberg - A New Attack Surface on Microsoft Exchange Server
-
DirectX - The New Hyper-V Attack Surface
-
Look, No Hands! - The Remote, Interaction-less Attack Surface of the iPhone
-
Dig Into the Attack Surface of PDF and Gain 100+ CVEs in 1 Year
-
From Logic to Memory - Winning the Solitaire in Reparse Points
