Following the Talos WebSocket Vulnerability, their Pwners PS4 WebKit Exploit, the Synacktiv PS4 WebKit Port Fork with the resulting PS4 WebKit / Kernel Exploit, the PS5 SMAP Bypass Vulnerability and this weekend's PS4 & PS5 Dev Kit Leaks 😍, security researchers abu_y0ussef and 0xdagger of Synacktiv recently held a "You got a Trophy: Jailbroken PS4" presentation at SSTIC 2021 recapping their PS4Scene findings (PDF File / GIT) first unveiled at Black Hat Europe 2020. The deck includes a third, closing slide commenting on a Tweet by @sleirsgoevy (Twitter). 🐣

From the presentation page, here is a brief description (roughly translated): You got a trophy: Jailbroken PS4 - Mehdi Talbi, Quentin Meffre on June 02, 2021 at 2:45 p.m. - 30 min.

The PlayStation 4 browser is arguably the most targeted attack surface for a console jailbreak. However, the hardening techniques enjoyed by current browsers coupled with the lack of debugging capability make it difficult to exploit bugs on the latest PS4 firmware.

This presentation details the exploitation strategy we adopted in order to exploit a 0-day vulnerability in WebKit. This is a Use-After-Free vulnerability which initially only offers limited primitives. However, thanks to a weakness identified in ASLR, it was possible to exploit this vulnerability leading to the first public jailbreak on version 7 of the PS4.


A video of their SSTIC 2021 presentation in French is available HERE, and below is a recently added English version covering their BHEU 2020 Presentation courtesy of BlackHatOfficialYT. 🎩

This is for the Pwners : Exploiting a WebKit 0-day in PlayStation 4
Cheers to @oneman123 for the heads-up on this via Twitter earlier on! 🍻

Comments

That's odd, I'm not hearing it on my end in either video... is it only momentary? Maybe I'm just missing it :unsure:
 
Fw 7.55 has a vulnerability through which it can be exploited. This vulnerability was patched in Fw 8.00, which means that it is present in all Fw below 8.00 (both WebKit & kernel), so can the 7.55 JB be used on all Fw lower than 8.00, like 7.02, 6.72, 5.05, 3.55, 1.05, etc., as well?
 