Off-By-One 2024 Day 1 - Exploring WebKit’s Just In Time Compilation: Vignesh S Rao

Abstract

JIT compilers have been the subject of numerous vulnerability discoveries, because the nuances of their optimization phases can introduce subtle bugs. This talk aims to unravel some key optimization phases in JavaScriptCore, the WebKit JavaScript engine that powers Apple Safari.

The focus will mainly be on the DFG intermediate representation and on how the optimization phases that operate on it can give rise to vulnerabilities.

Through specific examples and case studies, we will examine vulnerabilities resulting from logic errors in the compiler. These examples showcase the real-world impact of optimization-phase vulnerabilities, highlighting their severity and potential exploitation scenarios.

Speaker
Vignesh Rao is a vulnerability researcher at Exodus Intelligence. He is currently focusing on bug hunting and exploitation of web browsers, with a specific focus on JavaScript engines. He loves anything related to system security and has previously researched multiple userland and kernel targets, especially in the macOS/iOS ecosystem.

Vignesh also used to be an avid CTF player and regularly participated in CTFs as part of the bi0s team.