PS4 Jailbreaking | Thread starter: PSXHAX | Start date: Feb 3, 2024 at 4:29 PM
Following his BD-JB PS5 Userland Exploit 7.61 Firmware Revision, security researcher theflow0 confirmed via Twitter that he will be giving a talk on CVE-2006-4304 (Remote Vulnerabilities in SPP), which affects PS4 up to FW 11.00 and PS5 up to FW 8.20, at the All Offensive Security Conference at Moxy Seoul Myeongdong, which runs from May 27th-31st, 2024. The talk covers a PlayStation 4 Kernel Remote Code Execution (RCE) exploit enabling a jailbreak without requiring a user entry point (such as a WebKit exploit). :geek:

This comes following the PSFree WebKit Exploit Updates, Aapo's HackerOne PlayStation Hacktivity Critical Vulnerability Report, the PS4PayloadSDK 10.50-11.02 Support update and the recent CVE-2006-4304 PoC, with Andy Nguyen's presentation details outlined below courtesy of TyphoonCon.com:

PlayStation 4 Kernel RCE

Date: May 30-31, 2024

Talk Overview:

This talk will be about successful exploitation of kernel vulnerabilities in a network protocol on the PlayStation 4 which is based on FreeBSD.

I show how the internals of the IPv6 protocol can be abused to achieve an information leak and to redirect control flow to get RCE with kernel privileges on the console.

The exploitation strategies may also apply to XNU as they share very similar code. Moreover, this exploit enables a jailbreak without requiring a user entry point such as a WebKit exploit.
Finally, on the PS5 Research & Development general server, @Al Azif asked in Discord, "Another IPv6 one?", with @flatz replying "yes"; @Al Azif's response was, "Oof, brutal. Time to shut off notifications everywhere lol", as noted by hhk2003_ via Twitter.
And where there are vulns there are exploits
The PS4 (up to FW 11.00) and PS5 (up to FW 8.20) were vulnerable to CVE-2006-4304: Remote vulnerabilities in spp. I'll share details about successful exploitation at TyphoonCon.
Thanks! Yeah, I also thought this one would be in critical scope ($50'000). I tried with Hacker0x01 mediation, but Sony just didn't want to pay more (and without explanation) :confused:
And those will call me traitor, sold-out and whatnot I guess :p
Should I wait then? :p

:arrow: PPPwn: PlayStation 4 PPPoE RCE PS4 Kernel Exploit to 11.00 by TheOfficialFloW
[Image: PlayStation 4 (PS4) Kernel RCE Talk by TheFloW0 at TyphoonCon 2024]

Comments

@stinger101mg Exactly, people rather wait 10 years than buy an exploitable console atm.

There is a lot of 9.00 and below ps4 for sale, instead of waiting for something that maybe never comes.

Money comes and goes, time does not.