We finally look at the actual exploit code! We start with the addrof() primitive, which can leak the address of a JavaScript object in memory.
Looking at the WebKit JIT compiler - the part that converts JavaScript bytecode to machine code.
Let's have a look at how JavaScriptCore implements JavaScript Objects and values like integers and floats. We can use lldb to look into the memory.
We are going to try out Linus's exploit and setup a vulnerable WebKit version including debug symbols.
The start of a new series. We will try to learn some basics about Browser Exploitation.
