Following the PS4 Playground for Firmware 3.55 and PS4 3.55 File Browser, today PlayStation 4 developer qwertyoruiopz made available a PS4 4.0x WebKit RCE Exploit dubbed JailbreakMe PS4 4.0x with details via Twitter below!
PS4 Link (click go 3 times): http://rce.party/ps4/ / local rce.rar (3 KB) via Nesterwork / Local RCE v2.rar (6 KB) via Nesterwork / Local rce v3.rar (12 KB) via Nesterwork
According to the developer's Tweets below, the bug used is a stack uninit read yielding UaF and the actual exploit does nothing but give you read/write/infoleak arbitrary JS object primitives.
He also confirmed the exploit won't work on PS4 4.50 as Sony updated WebKit past a vulnerable version unfortunately, but it's still an entry point for those on PlayStation 4 OFW 3.55 through 4.07.
That said, if you give it a try on a PlayStation 4 under 4.50 and receive a ffff000000000539 error prompt it's expected output for the exploit's success.
Spoiler: Related Twitter Tweets
Cheers to @DarkElementPL, @DoxyMarket, @hyndrid, @ryan111, @toni1988 and @vettegast for sharing the news in the PSXHAX Shoutbox!
PS4 Link (click go 3 times): http://rce.party/ps4/ / local rce.rar (3 KB) via Nesterwork / Local RCE v2.rar (6 KB) via Nesterwork / Local rce v3.rar (12 KB) via Nesterwork
According to the developer's Tweets below, the bug used is a stack uninit read yielding UaF and the actual exploit does nothing but give you read/write/infoleak arbitrary JS object primitives.
He also confirmed the exploit won't work on PS4 4.50 as Sony updated WebKit past a vulnerable version unfortunately, but it's still an entry point for those on PlayStation 4 OFW 3.55 through 4.07.
That said, if you give it a try on a PlayStation 4 under 4.50 and receive a ffff000000000539 error prompt it's expected output for the exploit's success.
Spoiler: Related Twitter Tweets
Cheers to @DarkElementPL, @DoxyMarket, @hyndrid, @ryan111, @toni1988 and @vettegast for sharing the news in the PSXHAX Shoutbox!