Jen Simmons, Apple Evangelist on the Web Developer Experience team for Safari & Webkit, stops by to talk about what Interop is, and a look ahead at new CSS features in Webkit and Safari such as JPEG XL, masks, a round function, JavaScript improvements, styling form controls, content unblocks, masonry, and more!

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload.

I ran into a very frustrating bug while using icon fonts on our site at Contatta. A bug I filed last April, and nurtured through the process of getting fixed, didn’t make the Mozilla release notes (though it was included in Firefox 28). Because I feel it’s a very useful solution, I wanted to bring [...]

Panel Jamison Dance (twitter github blog) Tim Caswell (twitter github howtonode.org) AJ O’Neal (twitter github blog) Charles Max Wood (twitter github Teach Me To Code Intro to CoffeeScript) Discussion 01:15 - node-webkit Similar to PhoneGap Chrome native apps Chromium 05:31 - Event loops and the browsers 06:53 - Example apps Light Table app.js 07:42 - node-webkit vs app.js 10:00 - Chrome Chrome Apps: JavaScript Desktop Development 17:44 - Security implications 25:11 - Testing node-webkit applications 27:19 - Getting a web app into a native app 31:33 - Creating Your First AppJS App with Custom Chrome Chromeless Browser Chromeless replacement Picks How mismanagement, incompetence and pride killed THQ's Kaos Studios (Jamison) The Insufficiency of Good Design by Sarah Mei (Jamison) app.js (Tim) node-webkit (Tim) Macaroni Grill’s Butternut Asiago Tortellaci (AJ) JCPenney (AJ) Mac OS Stickies (Chuck) Fieldrunners (Chuck) Node Knockout Transcript AJ: Let’s talk about boring stuff. What did you eat for breakfast? TIM: I had donuts. AJ: That sounds nutritious and delicious. [This episode is sponsored by ComponentOne, makers of Wijmo. If you need stunning UI elements or awesome graphs and charts, then go to wijmo.com and check them out.] [This episode is sponsored by Gaslight Software. They are putting on a Mastering Backbone training in San Francisco at the Mission Bay Conference Center, December 3rd through 5th of this year. This three day intensive course will forever change the way you develop the front-end of your web applications. For too long, many web developers have approached front-end as drudgery. No more! We’ll help you build the skills to write front-end code you can love every bit as much as your server-side code.] [Hosting and bandwidth provided by the Blue Box Group. Check them out at bluebox.net] CHUCK: Hey everybody and welcome to episode 35 of the JavaScript Jabber Show. This week on our panel we have Jamison Dance. JAMISON: Hi guys! CHUCK: Tim Caswell. TIM: Hello! CHUCK: And AJ O’Neal. And I'm Charles Max Wood from devchat.tv. This week, we are going to be talking about ‘Node-webkit’. It seems like Tim is the most familiar with it, so why don’t you jump in and tell us a little bit about it? TIM: All right. Basically the idea is to make desktop apps using Node and then having HTML as your display layer for your widgets. And I start a project doing this several years ago from Topcube, but I failed miserably because I'm not that good of a C engineer. And since then, a few projects have taken up the idea. Node-webkit is one done by Intel and the main engineer there is Roger Wang. So on Roger Wang’s GitHub there is node-webkit. And the other popular one is called ‘app.js’ and I think there is a couple others as well. And some other people have taken over my Topcube project and they use it for some maps app. And all these projects had the basic idea of you have a desktop native app that has Node and node-webkit inside of it. CHUCK: So, is it kind of like PhoneGap or some of these other things for mobile? TIM: Yeah. It’s similar to PhoneGap in that, you get more privileges than a browser would have in a more native experience. Instead of just the PhoneGap extensions, you get all of Node -- you get the full Node environment -- which means you can use all that existing libraries and ecosystem. JAMISON: So how does this compare to the Chrome native apps thing? Because I know that they are more --- already have some like JS APIs that let you touch stuff on the server or things like that. Is this just – it’s not sandbox at all? TIM: Yeah. I mean, this is a native app. It’s not in your browser at all. It bundles its own webkit. JAMISON: Oooh. TIM: It’s more like -- what was that flash thing they had years ago? AJ: ‘Adobe Air’? TIM: Air yeah. It’s like Adobe Air that doesn’t suck.