JavaScript Is Itself a Malicious Payload

Filip Pizlo explains how WebKit is affected by Spectre and Meltdown, and describes to some degree how Apple is trying to mitigate the resulting issues. It seems more nuts to me than ever that browsers will just execute arbitrary JavaScript code.

*****
Written on