Cross-Site Escape - Pwning macOS Safari Sandbox the Unusual Way

Explore a novel attack targeting design flaws in reachable IPC and associated WebViews using Cross-Site Scripting (XSS) in this 26-minute Black Hat conference talk. Discover how native code execution outside the sandbox can be achieved without exploiting WebKit a second time. Delve into topics such as TOCTOU without racing, web content case studies, Dashboard widgets, arbitrary widget installation, sandbox escape techniques, and CVE-2020-9979. Learn about hard-coded trusted schemes, legacy Help vulnerabilities, and methods for arbitrary file execution. Gain insights into jumping to Dictionary.app and understand the implications for macOS Safari sandbox security. Presented by Zhi Zhou, this talk offers valuable takeaways for cybersecurity professionals and researchers interested in browser security and sandbox escape techniques.