Andrew Cunningham
Hackers have released details of a new exploit that allows homebrew software and custom firmware to be installed on PS4 consoles running relatively recent firmware. More importantly, the details of the exploit indicate that similar homebrew capabilities may soon be available on some versions of the PlayStation 5.
The new exploit is based on known bugs in the PS4's WebKit implementation and its use of fonts. The vulnerability on the PS4 was announced in October as a proof of concept, after a similar error was found in Apple’s Safari WebKit implementation in September.
On the PS4, the complete exploit can now be triggered by visiting a website with specially formatted JavaScript via the PS4 web browser, allowing the system to run kernel-level code that bypasses the console's usual security protections. From there, the exploit can read files from an inserted USB flash drive and install homebrew software, including existing custom PS4 firmware.
9.
(chendohap & works great @Znullptr) pic.twitter.com/ME12bLyu3C
-Specter (@SpecterDev) December 13, 2021
Specter, a well-known member of the console hacking scene, published a video of the exploit on Sunday. As of Monday, the files required to use the exploit have been posted on GitHub along with detailed instructions.
Not the first and not the last?
This is not the first time homemade code has been executed on the PS4. The previous console exploit, publicly released in March, works on consoles running firmware versions up to 7.55, which Sony had released about seven months earlier, in August 2020. In contrast, this week’s exploit applies to firmware version 9.00, which was released less than three months ago, in late September.
Users with a fully updated PS4 will not be able to use this exploit, because the vulnerability has been patched in PS4 firmware version 9.03, released on December 1. In fact, the hackers suggested on GitHub that examining the differences between the two latest firmware versions helped them figure out how to make the full exploit work.
However, the latest firmware patch is still very recent, which means that new retail PS4 consoles purchased today may still be running the older 9.00 firmware. This may matter to fans of homemade software, because there is no known way to downgrade a PS4 to an earlier firmware version in order to take advantage of vulnerabilities that have since been patched.
Well, this is just a joke about Sunday.
The exploit is legal, as a reward:
Kernel vulnerabilities will also affect Playstation5!
(No, ps5 is not yet ready or is being released, the main developer does not currently have a ps5 console)
-From (@Znullptr) December 13, 2021
On GitHub, the hackers pointed out that the same error “applies to some PS5 firmware; however, there is no known exploitation strategy.” On Twitter, hacker Znullptr (who also contributed to this latest exploit) added that “Kernel vulnerabilities will also affect Playstation5,” but that a complete exploit has not been prepared for that console because “the main developer currently does not have a PS5 console.”
The exploit release comes after two bug bounties were granted last week on PlayStation’s HackerOne account, including a payment to Andy “TheFlow0” Nguyen (who recently took part in uncovering the PS5 decryption key). Although the specific details of the bounties have not been disclosed, the scale of the payments indicates that a major security vulnerability that may affect recent PlayStation consoles has been disclosed.