Analyzing JavaScriptCore Vulnerabilities: Developing CodeQL Queries for Security Research
By program · 5mo ago · 25 min read
Summary
This technical blog post explores JavaScriptCore (JSC), the JavaScript engine used by Safari and other macOS applications. The article provides fundamental knowledge about JSC and details how the authors developed a custom CodeQL query to identify bad side effect modeling vulnerabilities that could lead to remote code execution (RCE) in the engine. The content serves as a technical guide for security researchers interested in finding vulnerabilities in JavaScript engines.
Key quotes
JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in macOS.
Finding vulnerabilities in JSC can be intimidating and, in some cases, complicated.
In this blog post, we start by learning the fundamentals of JSC.
Then, we describe how we developed a tailor-made CodeQL query that uncovers bad side effect modeling vulnerabilities, which could lead to RCE in JSC.
The JSC engine is responsible for executing every line of JavaScript (JS) that needs to be executed, whenever we browse to a new website or simply send/receive emails.
TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in macOS. The JSC engine is responsible for executing every line of JavaScript (JS) that...

