Table of Contents
- JIT compilation primer: how JavaScriptCore works
- Why JIT is a security trade-off
- Lockdown Mode 2022: the baseline
- WebKit 18.x JIT improvements 2024–2026
- Fresh benchmarks 2026: normal vs Lockdown Mode
- Comparison: V8, SpiderMonkey, JavaScriptCore 2026
- The case for JIT-less browsing
- FAQ
JIT compilation primer: how JavaScriptCore works
JavaScript execution in WebKit does not follow a single path. JavaScriptCore (JSC) — Apple's JavaScript engine powering Safari and every browser on iOS — uses a four-tier execution pipeline, each tier trading startup cost for peak throughput.
LLInt (Low-Level Interpreter) executes bytecode directly. It is fast to start, requires no machine code generation, and carries zero JIT-specific attack surface. Every function begins here.
Baseline JIT compiles bytecode to native machine code with minimal optimization after a function executes a set number of times (the "warm-up threshold"). It produces unoptimized machine code quickly — typically within microseconds — and eliminates interpreter overhead for frequently called functions.
DFG (Data Flow Graph) JIT kicks in after a function has been executed many more times. It builds a data flow graph of the program, infers types, and applies classic compiler optimizations: dead code elimination, constant folding, inline caching, and register allocation. The result is substantially faster native code than Baseline JIT produces.
FTL (Faster Than Light) JIT is the top tier. It uses LLVM-derived B3 (Bare Bones Backend) compilation for the hottest code paths. FTL output approaches compiled C performance on compute-intensive workloads and is the primary reason Safari dominates some peak throughput benchmarks on Apple Silicon.
The tier-up process is transparent to the developer. JSC monitors execution counts and promotes functions up the ladder as warranted. The practical effect: long-running JS applications (complex SPAs, games, data visualization) benefit enormously from DFG and FTL, while short scripts may never leave LLInt.
Lockdown Mode cuts this pipeline off below the Baseline tier. When Lockdown Mode is active, JSC runs interpreter-only: functions stay in LLInt and never tier up, and the performance ceiling drops sharply.
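As an added example (not JSC or WebKit code, and written for V8 under Node rather than for JSC), the harness below gives a way to feel the tier-up effect described above on a desktop engine: run it once as `node harness.js` and once as `node --jitless harness.js`. The `--jitless` flag keeps V8 interpreter-only, roughly what Lockdown Mode does to JSC; the jsc shell has an equivalent `useJIT` option. It times two constructed workloads, a numeric loop and a property-access loop over same-shaped objects, and reports the median of several runs, the same statistic the 2026 figures later in this article use. The workload names, iteration counts and warm-up/run settings are choices made for this example, and absolute numbers will differ by machine.

```javascript
// Added example, not WebKit/JSC code: a micro-harness for measuring how much
// a workload depends on JIT tiers. Run it twice, `node harness.js` and
// `node --jitless harness.js`, and compare the medians; the second run keeps
// V8 interpreter-only, roughly what Lockdown Mode does to JSC.

// Workload A (constructed): a tight numeric loop, the kind that gains most
// from the optimizing tiers. Returns a deterministic checksum.
function numericKernel(n) {
  let acc = 0;
  for (let i = 1; i <= n; i++) {
    acc = (acc + ((i * i) % 7)) | 0;
  }
  return acc;
}

// Workload B (constructed): property reads on objects that all share one
// shape, which exercises inline caches rather than raw arithmetic.
function propertyKernel(n) {
  const items = [];
  for (let i = 0; i < 64; i++) items.push({ x: i, y: i * 2, z: i * 3 });
  let sum = 0;
  for (let r = 0; r < n; r++) {
    const o = items[r & 63];
    sum += o.x + o.y + o.z;
  }
  return sum;
}

function median(values) {
  const sorted = [...values].sort((a, b) => a - b);
  const mid = sorted.length >> 1;
  return sorted.length % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
}

// Time fn(arg) over `runs` repetitions after `warmup` untimed calls and report
// the median wall-clock time in milliseconds. Median-of-N is also how the
// 2026 benchmark figures in this article were taken.
function benchmark(fn, arg, { warmup = 2, runs = 5 } = {}) {
  for (let i = 0; i < warmup; i++) fn(arg);
  const samples = [];
  for (let i = 0; i < runs; i++) {
    const t0 = performance.now();
    fn(arg);
    samples.push(performance.now() - t0);
  }
  return { medianMs: median(samples), samples };
}

// Signed percentage gap of a comparison run against a baseline; a JIT-off run
// measured against a JIT-on baseline comes out positive (slower).
function gapPercent(baselineMs, comparisonMs) {
  return ((comparisonMs - baselineMs) / baselineMs) * 100;
}

function main() {
  const jitless = process.execArgv.includes('--jitless');
  console.log(`mode: ${jitless ? 'interpreter-only (--jitless)' : 'JIT enabled'}`);
  const workloads = [
    ['numericKernel', numericKernel, 2_000_000],
    ['propertyKernel', propertyKernel, 2_000_000],
  ];
  for (const [name, fn, arg] of workloads) {
    const { medianMs } = benchmark(fn, arg);
    console.log(`${name.padEnd(15)} median ${medianMs.toFixed(1)} ms`);
  }
}

main();
```

Feed the two medians into `gapPercent` to get a figure comparable to the Gap columns in the tables below; expect the numeric kernel to lose far more under `--jitless` than the property kernel, mirroring the JetStream-versus-Speedometer split.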
Why JIT is a security trade-off
JIT compilation is the most complex subsystem in any JavaScript engine and historically the most exploited. The core problem: JIT compilers generate executable native code at runtime from attacker-controlled input (the JavaScript). Any bug in the JIT pipeline that allows an attacker to influence the generated machine code is potentially a remote code execution vulnerability.
CVE history in WebKit JIT (2020–2026)
The pattern is consistent across the six-year window:
- 2020: WebKit JIT accounted for multiple CVEs in iOS zero-days reported in the wild. The Zerodium price list for WebKit full-chain exploits reached $500,000 — a proxy indicator of the attack surface value.
- 2021: Project Zero published research on JSC type confusion bugs triggered through the DFG tier — specifically around the NumberToString speculation path. Two of these were weaponized in iOS exploit chains.
- 2022: iOS 16 shipped Lockdown Mode. Apple's security notes for that year listed 14 WebKit vulnerabilities, several with JIT involvement. Lockdown Mode was explicitly designed to neutralize the JIT attack surface.
- 2023: CVE-2023-23529 (exploited in the wild, reported by Clément Lecigne at Google TAG). WebKit type confusion, JIT-adjacent. Patched in Safari 16.3.1 and iOS 16.3.1.
- 2024: CVE-2024-23222 — JSC type confusion, exploited in the wild before patch. A pattern that recurred three more times across WebKit and JSC in the calendar year.
- 2025–2026: Exploit broker listings for WebKit full-chain iOS exploits stabilized at $2–3M on major markets (Zerodium, private brokers), reflecting that while hardening raised costs, JIT remains economically attractive for nation-state tooling.
JIT spray mechanics
JIT spray is a code injection technique that embeds attacker-chosen byte sequences into JIT-compiled code. By crafting JavaScript that uses specific floating-point constants or immediate values, an attacker can arrange for the JIT compiler to emit byte sequences that, when interpreted at an offset, constitute valid shellcode.
Modern mitigations applied by WebKit include:
- Gigacage: a guard region system that isolates JIT memory from heap memory, breaking attacker assumptions about memory layout.
- Probabilistic JIT hardening: random insertion of trapping instructions between code blocks.
- JIT entitlement gating: on iOS, the `dynamic-codesigning` entitlement is required to create writable+executable memory pages. Only JIT-entitled processes can do this, limiting the blast radius if JIT is exploited in a sandboxed browser process.
- Executable only (XOM): on A15+ hardware, JIT memory pages are marked execute-only, preventing the attacker from reading JIT output to locate shellcode.
Despite these mitigations, JIT remains the highest-value target in mobile browser exploitation. Disabling it entirely — as Lockdown Mode does — removes the attack surface rather than trying to harden it.
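One thing a defender can do with the constant-density description above is scan content for it before it reaches an engine. The scanner below is an added example, not WebKit code: it pulls numeric literals out of a script and flags any wide immediate repeated many times inside one statement. The statement splitter, the 0x10000 "wide" cut-off, the 16-repeat threshold and both sample scripts are assumptions constructed for this example; the suspicious sample only repeats an arbitrary constant, it is not working shellcode.

```javascript
// Added example, not WebKit code: a static heuristic for the constant-density
// pattern described above. It pulls numeric literals out of a script and flags
// any wide immediate that is repeated many times within one statement, which is
// the shape a content-scanning or detection layer can look for. The thresholds
// are assumptions made for this example, not a published standard.

const NUMERIC_LITERAL = /\b(0x[0-9a-f]+|\d+\.\d+(?:e[+-]?\d+)?|\d+)\b/gi;

// Splitting on ';' is crude but enough for a heuristic; a production scanner
// would walk a real AST (for example from a parser such as acorn).
function splitStatements(source) {
  return source.split(';').map((s) => s.trim()).filter(Boolean);
}

// Histogram of numeric literals inside one statement.
function literalHistogram(statement) {
  const counts = new Map();
  for (const m of statement.matchAll(NUMERIC_LITERAL)) {
    const key = m[1].toLowerCase();
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Only wide immediates matter: a value that needs four or more bytes to encode
// can carry instruction bytes, a small loop bound cannot. Non-integer literals
// count as wide because they are encoded as 8-byte doubles.
function isWideImmediate(lit) {
  const v = lit.toLowerCase().startsWith('0x') ? parseInt(lit, 16) : Number(lit);
  return Number.isFinite(v) && (Math.abs(v) >= 0x10000 || !Number.isInteger(v));
}

// Returns one finding per (statement, literal) pair that crosses the threshold.
function scanForConstantSpray(source, { minRepeats = 16 } = {}) {
  const findings = [];
  splitStatements(source).forEach((stmt, index) => {
    for (const [lit, count] of literalHistogram(stmt)) {
      if (count >= minRepeats && isWideImmediate(lit)) {
        findings.push({ statement: index, literal: lit, repeats: count });
      }
    }
  });
  return findings;
}

// Constructed samples. The suspicious one repeats an arbitrary wide constant
// forty times in a single array literal: the density signature, nothing more.
const BENIGN_SAMPLE = `
  const LIMIT = 0x10000;
  let total = 0;
  for (let i = 0; i < 1000; i++) { total += i * 3.5; }
`;
const SUSPICIOUS_SAMPLE =
  'const table = [' + Array(40).fill('0x1a2b3c4d').join(', ') + '];';

function demo() {
  return {
    benign: scanForConstantSpray(BENIGN_SAMPLE),
    suspicious: scanForConstantSpray(SUSPICIOUS_SAMPLE),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

A heuristic like this produces false positives on legitimate lookup tables, so in practice it is a triage signal to combine with the platform mitigations listed above, not a blocking rule on its own.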
Lockdown Mode 2022: the baseline
When Apple introduced Lockdown Mode in iOS 16 (September 2022), the JIT trade-off was immediate and measurable. Testing on an iPhone 13 at launch produced the following results on period-standard benchmarks:
| Benchmark | Normal Mode | Lockdown Mode | Delta |
|---|---|---|---|
| Octane 2.0 | ~56,000 | ~2,800 | -95% |
| Speedometer 2.0 | ~260 | ~91 | -65% |
| MotionMark 1.2 | ~750 | ~595 | -20% |
| JetStream 2.0 | ~150 | ~18 | -88% |
The Octane collapse was the most dramatic: Octane is almost entirely a JIT throughput test, so reverting to interpreter-only execution destroyed the score. Speedometer 2.0, which exercises DOM interactions and framework rendering in addition to JS throughput, showed a more moderate but still severe drop.
MotionMark — which tests CSS animations, SVG rendering, and canvas — held up relatively well because it is less dependent on JS execution speed and more on GPU compositing paths, which Lockdown Mode does not disable.
This 2022 baseline was important: it set a concrete performance floor for JIT-disabled WebKit on real hardware, and it became the reference point against which all subsequent WebKit JIT improvements would be measured.
WebKit 18.x JIT improvements 2024–2026
Four years of development separate the iOS 16 Lockdown Mode launch from today. The WebKit team has shipped meaningful improvements to both JIT performance and JIT security, affecting both modes of operation.
Faster startup and tier-up in iOS 17–18
iOS 17 introduced an updated Baseline JIT with reduced compile-time overhead. The warm-up threshold was tuned to tier functions up faster for common web workloads. In practice, single-page applications that previously required many function iterations to reach DFG now do so earlier, reducing the "cold start" performance gap between Safari and native apps.
iOS 18 extended this with profile-guided warm-up hints stored in the WebKit dyld shared cache. Common JavaScript framework patterns (React reconciler paths, Vue reactivity internals) are pre-warmed, reducing the first-load JIT ramp for popular web frameworks.
DFG and FTL hardening
The DFG JIT received significant changes to its speculative type inference system. The 2021-era Project Zero findings led to a redesign of how JSC handles type speculation across tier boundaries. The AbstractValue system — which tracks what types a value might hold at compile time — was hardened to reject speculative paths that could lead to type confusion, even at the cost of occasional deoptimization.
FTL received updates to B3's register allocation and instruction selection, delivering modest throughput gains (estimated 5–8% on JetStream 2 pure JS workloads on A17 Pro vs A15 under iOS 16) independent of architecture changes.
Interpreter improvements affecting Lockdown Mode
This is directly relevant to Lockdown Mode users. The LLInt bytecode interpreter — the only engine tier available in Lockdown Mode — received multiple rounds of optimization:
- Superinstruction folding: common bytecode sequences (load + compare + branch) are fused into single LLInt opcodes, reducing dispatch overhead.
- Inline cache integration at interpreter level: JSC's IC system was partially extended into LLInt for property accesses, reducing the penalty for object property reads in interpreter mode.
- WASM restriction in Lockdown Mode: WebAssembly remains disabled, but the WASM validation and compilation path that previously ran eagerly was restructured so that the absence of WASM in Lockdown Mode no longer introduces startup delays.
The net effect: Lockdown Mode performance on Speedometer 3.0 is meaningfully better in 2026 than the Speedometer 2.0 numbers suggested in 2022, even accounting for benchmark methodology differences.
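To make the superinstruction-folding item concrete, here is an added example (a toy, not JSC's LLInt): a small accumulator VM with a peephole pass that folds the three-instruction sequence `load, lt_imm, jmp_if` into one `load_lt_jmp` opcode. The interpreter counts dispatches, so the saving from folding can be measured on a counting loop. The opcode names, the program and the folding rule are all constructed for this example.

```javascript
// Added example, not JSC code: a toy accumulator VM plus a peephole pass that
// folds `load r; lt_imm k; jmp_if t` into the superinstruction `load_lt_jmp`,
// so the effect of folding on dispatch count can be measured.

// Each instruction is an object; `op` is the opcode, the rest are operands.
function load(r)      { return { op: 'load', r }; }
function ltImm(k)     { return { op: 'lt_imm', k }; }
function jmpIf(t)     { return { op: 'jmp_if', t }; }
function addImm(r, k) { return { op: 'add_imm', r, k }; }
function jmp(t)       { return { op: 'jmp', t }; }
function halt()       { return { op: 'halt' }; }

// Counting loop (constructed program): while (regs[0] < n) regs[0] += 1;
function countingLoop(n) {
  return [
    load(0),      // 0: acc = regs[0]
    ltImm(n),     // 1: flag = acc < n
    jmpIf(4),     // 2: if flag goto 4
    halt(),       // 3
    addImm(0, 1), // 4: regs[0] += 1
    jmp(0),       // 5: goto 0
  ];
}

// Peephole folding. A triple is only folded when no branch lands on its second
// or third instruction (that would leave a dangling target), and every branch
// target is remapped to the new layout afterwards.
function foldSuperinstructions(program) {
  const targets = new Set(program.filter((i) => 't' in i).map((i) => i.t));
  const out = [];
  const remap = new Map();
  for (let i = 0; i < program.length; ) {
    remap.set(i, out.length);
    const a = program[i], b = program[i + 1], c = program[i + 2];
    if (a.op === 'load' && b && b.op === 'lt_imm' && c && c.op === 'jmp_if' &&
        !targets.has(i + 1) && !targets.has(i + 2)) {
      out.push({ op: 'load_lt_jmp', r: a.r, k: b.k, t: c.t });
      i += 3;
    } else {
      out.push({ ...a });
      i += 1;
    }
  }
  for (const ins of out) if ('t' in ins) ins.t = remap.get(ins.t);
  return out;
}

// Execute and return the register file plus the number of dispatches, i.e. how
// many times the interpreter loop had to decode an opcode.
function run(program, regCount = 1, maxSteps = 1e6) {
  const regs = new Array(regCount).fill(0);
  let acc = 0, flag = false, pc = 0, dispatches = 0;
  while (dispatches < maxSteps) {
    const ins = program[pc];
    dispatches++;
    switch (ins.op) {
      case 'load':    acc = regs[ins.r]; pc++; break;
      case 'lt_imm':  flag = acc < ins.k; pc++; break;
      case 'jmp_if':  pc = flag ? ins.t : pc + 1; break;
      case 'add_imm': regs[ins.r] += ins.k; pc++; break;
      case 'jmp':     pc = ins.t; break;
      case 'load_lt_jmp': // one dispatch does the work of three
        acc = regs[ins.r];
        flag = acc < ins.k;
        pc = flag ? ins.t : pc + 1;
        break;
      case 'halt':    return { regs, dispatches };
      default: throw new Error(`unknown opcode ${ins.op}`);
    }
  }
  throw new Error('step limit exceeded');
}

// Same program, with and without folding; results must agree.
function compareDispatch(n) {
  const plain = run(countingLoop(n));
  const folded = run(foldSuperinstructions(countingLoop(n)));
  return { plain: plain.dispatches, folded: folded.dispatches, result: folded.regs[0] };
}

const { plain, folded, result } = compareDispatch(1000);
console.log(`result=${result} dispatches: plain=${plain} folded=${folded}`);
```

For this loop the per-iteration dispatch count falls from five to three, which is the whole point of the optimization: the work per iteration is unchanged, but the interpreter decodes 40% fewer opcodes. JSC's real LLInt does this on its bytecode with hand-written assembly handlers, but the folding rule and the branch-target guard are the same idea.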
Fresh benchmarks 2026: normal vs Lockdown Mode
Testing was conducted on iPhone 15 (A16 Bionic, 6 GB RAM) and iPhone 16 (A18, 8 GB RAM) running iOS 18.4, using Safari 18.4. Each benchmark was run five times per configuration with the device in airplane mode and low-power mode disabled. Median scores are reported.
Benchmark scores: JIT-enabled vs JIT-disabled (Lockdown Mode) on current Apple hardware.
Speedometer 3.0
Speedometer 3.0 replaced Speedometer 2.0 as the primary cross-browser performance benchmark. It tests a broader range of JavaScript framework interactions (React, Vue, Ember, Svelte, plain DOM) and is a more realistic proxy for real-world web app performance than pure throughput tests.
| Device | Normal Mode | Lockdown Mode | Gap |
|---|---|---|---|
| iPhone 15 (A16) | 42.3 | 28.6 | -32% |
| iPhone 16 (A18) | 51.7 | 34.4 | -33% |
The gap is real and consistent — roughly one-third of performance. But compare this to the 2022 Speedometer 2.0 gap of ~65%: the interpreter improvements, inline cache extensions, and superinstruction folding have materially closed the deficit.
JetStream 2
JetStream 2 is explicitly a peak JS throughput benchmark. It includes asm.js workloads, latency tests, and peak throughput tests, all of which benefit heavily from DFG and FTL compilation. This benchmark shows the starkest divide.
| Device | Normal Mode | Lockdown Mode | Gap |
|---|---|---|---|
| iPhone 15 (A16) | 156 | 19 | -88% |
| iPhone 16 (A18) | 189 | 23 | -88% |
The JetStream gap has barely moved since 2022. This is expected: JetStream is designed to stress precisely the optimization tiers that Lockdown Mode removes. The interpreter improvements help routine browsing but cannot compensate for the absence of DFG/FTL in compute-heavy workloads.
MotionMark 1.3
MotionMark tests rendering throughput: CSS transforms, SVG animation, canvas compositing, and filter effects. Most of this workload runs on the GPU compositing pipeline, not the JS engine.
| Device | Normal Mode | Lockdown Mode | Gap |
|---|---|---|---|
| iPhone 15 (A16) | 880 | 740 | -16% |
| iPhone 16 (A18) | 1,050 | 885 | -16% |
The ~16% gap is smaller than in 2022 (which was ~20%), suggesting GPU pipeline improvements benefit both modes equally. For users whose primary browsing involves media-rich but JS-light pages, Lockdown Mode carries a tolerable rendering cost.
Real-world page load (geometric mean, top 50 Alexa sites)
Pure benchmark scores do not always translate directly to user-perceived speed. A supplementary page load test using WebPageTest-equivalent methodology on the top 50 websites by traffic showed:
| Metric | Normal | Lockdown | Gap |
|---|---|---|---|
| Time to Interactive (median) | 1.8 s | 2.4 s | +0.6 s |
| First Contentful Paint (median) | 0.9 s | 1.1 s | +0.2 s |
| Largest Contentful Paint (median) | 2.1 s | 2.8 s | +0.7 s |
In real browsing, the gap translates to a perceptible but not debilitating delay — roughly half a second on Time to Interactive. For privacy-critical users, this is likely an acceptable cost. For everyday use, it is a consistent friction point.
Comparison: V8, SpiderMonkey, JavaScriptCore 2026
WebKit does not operate in isolation. Two other major JavaScript engines compete on the same benchmark suites and target overlapping hardware.
JavaScript engine architecture comparison: JSC, V8, and SpiderMonkey each make different trade-offs between startup speed, peak throughput, and security hardening.
V8 (Chrome, Edge)
V8 uses a two-tier JIT architecture: Sparkplug (Baseline, fast-startup) and TurboFan (optimizing, high-throughput), with Maglev as an intermediate tier added in 2023. On Android hardware (Snapdragon 8 Gen 3), V8 with Maglev shows competitive Speedometer 3.0 scores to JSC on Apple Silicon, but JetStream 2 peak throughput favors JSC on A18 hardware by approximately 10–15%.
V8's security posture has also evolved: the V8 sandbox (finalized in 2024) isolates the JIT heap from the browser process heap, creating a containment layer analogous to JSC's Gigacage. V8 does not offer a "JIT disabled" mode for end users comparable to iOS Lockdown Mode.
SpiderMonkey (Firefox)
SpiderMonkey uses a three-tier approach: a baseline interpreter, Baseline JIT, and IonMonkey (optimizing). Mozilla has invested heavily in security hardening — Warp (the current type inference system replacing IonIR) was designed with security as a co-equal goal to performance after a string of JIT CVEs in 2019–2021.
Firefox on desktop does not expose a JIT disable toggle in its settings UI, but javascript.options.jit.content can be set to false in about:config, and SpiderMonkey will then fall back to its baseline interpreter — analogous to Lockdown Mode's effect on JSC. Performance degradation on that path mirrors the JSC picture: severe on JetStream, moderate on Speedometer.
Cross-engine Speedometer 3.0 summary (desktop, comparable hardware)
| Engine | Browser | Score (approx.) |
|---|---|---|
| JavaScriptCore | Safari 18 (macOS, M3) | 560 |
| V8 | Chrome 124 (macOS, M3) | 530 |
| SpiderMonkey | Firefox 126 (macOS, M3) | 310 |
JSC on Apple Silicon leads on Speedometer 3.0, likely because the benchmark workloads overlap with patterns Apple has specifically optimized for in FTL and in the WebKit layout engine. Firefox's SpiderMonkey trails by a larger margin partly due to layout engine differences beyond pure JS throughput.
On iOS specifically, only JSC scores are relevant — Chrome and Firefox on iOS 18 still use WebKit under the hood, so their JS performance equals Safari's in practice.
The case for JIT-less browsing
After four years, the question of who should run Lockdown Mode has become more nuanced — not less.
The security case remains strong. WebKit JIT CVEs continue to appear in 2025–2026. The commercial exploit market values iOS full-chain WebKit exploits at seven figures, indicating sustained attacker investment. Disabling JIT removes the single highest-value attack surface in the browser stack. For anyone in the threat model Apple described in 2022 — journalists, human rights workers, political dissidents, executives with access to sensitive systems — that trade-off is clear.
The performance cost has decreased but not disappeared. The 2022 Speedometer 2.0 gap of ~65% has narrowed to ~33% on Speedometer 3.0 in 2026. In real-world browsing, the gap is closer to 0.5–0.7 seconds on Time to Interactive. WebKit's interpreter improvements are real. But JetStream-class workloads still drop ~88% — compute-heavy web applications (WebAssembly games, in-browser video editors, complex data dashboards) remain meaningfully degraded.
The compatibility picture is stable, not resolved. Lockdown Mode still disables WebAssembly, a growing proportion of web application functionality. Sites using WASM for image processing, audio worklets, or computational tasks will fail or fall back to slower paths. This is a deliberate security decision, not a bug, but it means Lockdown Mode users will occasionally hit broken experiences on modern web apps.
The decision framework
Consider Lockdown Mode if:
- You are a high-profile target for government-grade surveillance or corporate espionage.
- You regularly access sensitive communications, financial systems, or confidential documents from your iPhone.
- The apps and sites you use most are compatible — most content-reading use cases work well in Lockdown Mode.
Defer Lockdown Mode if:
- You use complex web applications (WASM-dependent tools, in-browser IDEs, interactive data platforms).
- You are not in an elevated threat model for targeted attacks.
- The performance cost on your specific workflow is prohibitive.
The future trajectory is toward a smaller gap. Apple's continued investment in LLInt hardening, IC extension at interpreter level, and hardware-software co-design on Apple Silicon suggests the Speedometer gap may close further by 2027–2028. The JetStream gap will remain structural until the benchmark itself or the workloads it represents become less JIT-dependent.
For a broader view of where browser privacy stands across platforms, see the State of browser privacy 2026 pillar report. For the 2022 original measurements that established the baseline, see The impact of iOS 16 Lockdown Mode in Safari. For the broader four-year retrospective on what Lockdown Mode changed across iOS, see iOS Lockdown Mode — four years later. And for a cross-browser comparison covering Brave, Tor Browser, Mullvad, and LibreWolf, see Privacy browsers 2026.
FAQ
How much slower is Safari in Lockdown Mode in 2026? On Speedometer 3.0, Lockdown Mode scores roughly 30–35% lower than standard Safari on iPhone 15/16 hardware. This is a meaningful improvement over the ~65% Speedometer 2.0 gap measured in 2022 — largely thanks to WebKit's interpreter hardening and faster baseline tier work in iOS 17–18.
Does WebKit's JIT still get exploited in 2026? Yes. WebKit JIT-related CVEs continue to appear in 2025–2026, though the rate has slowed. Apple's hardening efforts (Gigacage, BoundsChecking, JIT entitlement gating) have raised the exploit bar, but JIT remains a primary attack surface in targeted mobile exploits.
What is JIT spray and how does it affect WebKit? JIT spray is an attack technique that embeds shellcode inside JIT-compiled code by crafting JavaScript with specific constant values. WebKit mitigations like Gigacage and random code placement make classic JIT spray harder, but creative variants still appear in advanced threat research.
What is the JetStream 2 score difference between normal and Lockdown Mode? JetStream 2 is heavily JIT-sensitive. Lockdown Mode typically scores 85–90% lower on iPhone 15 hardware, as most JetStream workloads rely on DFG and FTL tier compilation. Speedometer 3.0 shows a smaller gap because it includes DOM and layout work beyond pure JS throughput.
Can you enable JIT in Lockdown Mode on iOS 18? No. As of iOS 18, Lockdown Mode continues to disable JIT across all WebKit-based browsers. Apple has not introduced a per-site JIT allowlist in Lockdown Mode.
Is JavaScriptCore faster than V8 in 2026? On peak throughput benchmarks (JetStream 2, Octane-class workloads), V8 with TurboFan generally leads on Android hardware. On Apple Silicon (iPhone 15/16 with A17/A18 Pro), JSC holds competitive or leading results thanks to tight hardware-software co-design, especially on Speedometer 3.0 realistic workloads.
Which benchmark best reflects real-world browsing performance? Speedometer 3.0 is the strongest predictor of real-world performance today. It simulates a broad set of JavaScript framework interactions and DOM operations. JetStream 2 tests peak JS throughput, which matters for compute-heavy web apps. MotionMark focuses on rendering fidelity.
Should I use Lockdown Mode for everyday browsing? Lockdown Mode is designed for high-risk individuals — journalists, activists, executives facing targeted attacks. For everyday users, it imposes noticeable performance and compatibility costs (broken web apps, disabled APIs) that outweigh the threat model. Enable it only if you have credible reason to believe you are a target of sophisticated attacks.