As testing the previous Use-After-Free vulnerability (CVE-2021-1879) didn't favor the PlayStation 4 Scene, developer @Al Azif on Twitter retweeted another Use-After-Free vulnerability (CVE-2021-30858) by Anonymous via maddiestone that @Nazky on Twitter added to GitHub to try with PS4 WebKit revisions up to the most recent PS4 Firmware 9.00 in hopes of another userland entry point for Future PS4 Jailbreaking or improving the current PS4JB2 jailbreak exploit's stability. :geek:
Code:
THIS SITE IS A TEST FOR THE WEBKIT VULNERABILITY FOR THE PS4
CLICK OK
IF YOU DON'T SEE ANY 'API PATCHED' ERROR OR 'MEMORY ERROR'
ALERT OR ANY ERROR ALERT THAT'S MEAN IT'S NOT PATCH
Proof-of-Concept code of CVE-2021-30858 via maddiestone (Google Security Researcher):
Code:
var fontFace1 = new FontFace("font1", "", {});
var fontFaceSet = new FontFaceSet([fontFace1]);
fontFace1.family = "font2";

🍻 Cheers to FxckThePolice for the heads-up on this earlier, below are some Tweet highlights and a screenshot thanks to M4rra_ on Twitter with many test results on various firmware versions added to the spoiler... however, @CTurt's $10K PlayStation Bug Bounty on HackerOne.com this past August remains a mystery as CTurtE has yet to elaborate and as usual it's :alert: not advisable :alert: to update your PS4 console:


Spoiler (screenshot): PS4 WebKit Exploit Test for Use-After-Free (CVE-2021-30858) Vulnerability.jpg

Comments

There have been a few minor changes, mostly as you mentioned to the text messages for improved clarity among users.
 