New Attack Surface in Safari - Using Just One Web Audio Vulnerability to Rule Safari

Explore a groundbreaking security presentation that delves into a novel attack surface in Safari, focusing on vulnerabilities in system libraries like audio, video, and font. Learn how researchers have discovered a way to exploit a single Web Audio vulnerability to gain control over Safari, bypassing traditional security measures. Understand the challenges posed by Safari's built-in heap isolation mechanism and how it affects the exploitation of out-of-bounds writing vulnerabilities in system modules. Gain insights into the innovative techniques used to overcome these obstacles and the potential implications for web browser security. Presented by JunDong Xie at Black Hat Asia, this 27-minute talk offers a deep dive into cutting-edge browser exploitation research that could reshape our understanding of Safari's attack surface.

New Attack Surface in Safari: Using Just One Web Audio Vulnerability to Rule Safari