Safari Browser Security: Exploiting JavaScriptCore Vulnerabilities

Objective-See Foundation via YouTube

Overview

Explore a technical security conference talk that delves into browser exploitation vulnerabilities discovered in Safari's JavaScriptCore engine. Learn about a significant commit that modified the for-in enumerator implementation, leading to multiple security flaws. Understand the complementary roles of fuzzing and code auditing in bug discovery, including a detailed examination of three critical vulnerabilities: a register spill causing type confusion, float and NaN representation issues enabling arbitrary object dereferencing, and a JIT engine feature misuse that bypasses ASLR. Discover how these vulnerabilities combine to achieve arbitrary read/write capabilities in Safari's renderer process. Gain insights into Apple-specific exploit mitigations like PAC and APRR, along with practical recommendations for preventing similar issues in the future. Presented by Javier Jimenez and Vignesh Rao, experienced vulnerability researchers from Exodus Intelligence, who bring their extensive expertise in browser exploitation and Apple system security to this comprehensive analysis.

Syllabus

#OBTS v6.0: "Safari, Hold Still for NaN Minutes!" - Javier Jimenez & Vignesh Rao

Taught by

Objective-See Foundation
