PS4 WebKit Vulnerable to Slow_Path_Profile_Catch (CVE-2021-30797)
Following confirmation of the PlayStation 4 WebKit Vulnerability, the PlayStation 5 WebKit Vulnerability and further reports of PS4 / PS5 WebKit Vulnerabilities, the latest testing by Zellix67 on Twitter indicates that Sony's PS4 WebKit is also affected by JavaScriptCore: Uninitialized Register in Slow_Path_Profile_Catch (CVE-2021-30797), reported by ifratric via Project Zero.
PlayStation 4 Scene developer @Al Azif commented on Twitter: "So to everyone thinking the webkit vulnerabilities will lead to an exploit soon, there were 3 prior vulnerabilities that nothing was ever done with. It's neat making a list of ones that work, but..."

Additionally, @zecoxao reminds those asking for new PS4 Jailbreak exploits on Twitter: "you need to have patience 😕" noting "if you're really that desperate, just get a PS4 on 7.55 and below :)" while stating that "sleirs is currently checking the font face one" ...so fingers crossed on @sleirsgoevy's (Twitter)...
Beginning Of The End PS4 Homebrew Game Demo & Beta PKG by Markus95
This weekend PS4 Scene developer @Markus95 (aka @Kus00095) announced on Twitter the release of his latest Beginning Of The End PS4 Homebrew Game Demo PKG followed by a Beginning Of The End Beta PS4 PKG for use on Jailbroken PlayStation 4 consoles. 🤩

Download: Beginning_of_the_end_BETA.pkg (34.13 MB) / Beginning_Of_The_End_DEMO.pkg (25.88 MB) / Beginning_of_the_end_DEMO.vpk (15.82 MB)

A video demonstration of it in action from his YouTube Channel can also be seen below, and to quote from Logic-Sunrise.com roughly translated: PS4 Beginning of the end, a new homebrew on PS4

In development for more than 3 months, here is a first demo of my new homebrew:

Beginning of the end... This homebrew is surely my biggest project, entirely handmade (sprites, backgrounds, animations, etc.), I wanted to mix 2 games that I loved which are none other than The Last Of Us and Resurgent.

Indeed, Beginning of the end is a mix between Tlou (for the gameplay and the story) and Resurgent (for the graphics side). This demo, although quite short, shows roughly what the final game will give, an adventure / action / reflection game and this still developed with GameMaker Studio.

This homebrew has been tested and is functional on PS4 4.05, 5.05, 6.72, 7.02 and 7.55, I will also publish a Switch version and maybe Ps-Vita, but less sure for the latter because I encounter many bugs on the Sony laptop. You will also find some bugs on PS4 in this small demo, they will be fixed for the final version of the game.

I hope you will like this project, do not hesitate to...
WebKit Heap-Use-After-Free in EventHandler KeyEvent for PS4 / PS5
But wait, there's more! Yup, yet another PS4 WebKit / PS5 WebKit vulnerability surfaces... developer @Al Azif summarizes it best on Twitter, simply stating, "Add it to the ever growing list of webkit exploits that work 7.55+ :LOL:"

This time the userland vulnerability is a WebKit: heap-use-after-free in EventHandler::keyEvent, as reported by glazunov via Project Zero, with NazkyYT supplying the source link alongside a browser test page set up by Zellix67, and with credit on Twitter to KameleonRe for the script.
As with the previously tested PS4 Vulnerability and PS5 Vulnerability, further work by an experienced developer and a kernel-level exploit (KEX) are also required for jailbreaking... so once again it's not advisable to update either your PS4 or PS5 consoles.

Looking forward to great progress in both the PS4Scene and PS5Scene, and cheers to ashrafasansol on Twitter for the screenshot below! 🍻
...
PS5 WebKit Also Affected by Use-After-Free Vulnerability (CVE-2021-30858)
Since testing of the Use-After-Free Vulnerability (CVE-2021-30858) in the PS4Scene indicated the bug is present in the PS4 WebKit, several in the PS5Scene also gave the Proof-of-Concept Test a try with the PS5 OSS WebKit on a PlayStation 5 console, including @cedsaill4 (aka Cedsaill2 on Twitter) and @yyoossk (aka Cloud0835 on Twitter), with some positive feedback as well in the Tweets below.

While many are still battling PlayStation 5 Scalpers to actually obtain a console for testing Private PS4 Exploits in hopes of a PS5 Jailbreak, below are some previous articles sorted by date with the oldest first for those new to the scene:
PS4 WebKit Exploit Test for Use-After-Free (CVE-2021-30858) Vulnerability
As testing the previous Use-After-Free vulnerability (CVE-2021-1879) didn't favor the PlayStation 4 Scene, developer @Al Azif on Twitter retweeted another Use-After-Free vulnerability (CVE-2021-30858), reported by Anonymous via maddiestone, which @Nazky on Twitter added to Github to try with PS4 WebKit revisions up to the most recent PS4 Firmware 9.00, in hopes of another userland entry point for Future PS4 Jailbreaking or of improving the current PS4JB2 jailbreak exploit's stability.
Code:
THIS SITE IS A TEST FOR THE WEBKIT VULNERABILITY FOR THE PS4
CLICK OK
IF YOU DON'T SEE ANY 'API PATCHED' ERROR OR 'MEMORY ERROR'
ALERT OR ANY ERROR ALERT THAT'S MEAN IT'S NOT PATCH
Proof-of-Concept code of CVE-2021-30858 via maddiestone (Google Security Researcher):
Code:
var fontFace1 = new FontFace("font1", "", {});
var fontFaceSet = new FontFaceSet([fontFace1]);
fontFace1.family = "font2";

🍻 Cheers to...