Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

WebKit Everywhere - Secure or Not?

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security landscape of WebKit, a widely-used web rendering engine, in this 33-minute Black Hat conference talk. Delve into the challenges and possibilities of exploiting WebKit-based applications across various platforms, including Windows, Mac OS X, iOS, and Android. Learn about the security improvements implemented by major tech companies and how they have increased the difficulty of successful exploitations. Examine two detailed exploit demonstrations, including a remote code execution on x64 Safari and techniques applicable to mobile applications. Gain insights into advanced exploit techniques, vulnerability details, and recommendations for enhancing the security of WebKit-based applications. Understand key concepts such as memory corruption, heap arena internals, garbage collection mechanisms, ASLR on Mac OSX, sandbox architecture, and exploitation strategies.

Syllabus

Intro
Background
Historical issues
Memory Corruption
Heap Arena
RenderArena internals
RenderArena enhancement
GC mechanism
Trigger GC: Workaround
ASLR on Mac OSX
Sandbox architecture
Native 64bit App
CVE-2014-1303 : Vulnerability
Restrictive 1-bit write
Exploit : What to overwrite?
Typed Array Internals
Exploitation : Overall strategy
Exploitation : JS Controlled Free
Exploitation : ROPs are for the 99%
Summary of WebKit exploitation

Taught by

Black Hat

Reviews

Start your review of WebKit Everywhere - Secure or Not?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.