Posted By: wraggster
Security researchers Mehdi Talbi and Quentin Meffre of the French infosec company Synacktiv yesterday disclosed a Webkit exploit running on the PS4. The exploit, they say, runs on 6.xx firmwares and could possibly be tweaked to run on 7.xx.
The fact that hacking utilities are publicly available up to 6.72 made it easier for the security researchers to weaponize their exploit on firmwares 6.xx. On 7.xx, however, they say further research is required to port their work. It is possible that hackers on the scene, with access to more exploits, could work on porting this webkit entry point to 7.xx firmwares.
Brute forcing on the PS4 is tedious, as the browser requires user interaction in order to restart. Our idea is to plug a Raspberry Pi that acts as a keyboard into the PS4. Its main goal is to hit enter periodically (every 5 s) to restart the browser after the crash. The brute-forced address is updated at each attempt and stored in a cookie. Unfortunately, we didn’t get any result so far. We probably haven’t run the brute force for a long enough period of time to cover the entire address space.
The exploit itself leverages a use-after-free bug in the function ValidationMessage::buildBubbleTree() of the Webkit DOM engine. People interested in how console exploitation works should read the full writeup on Synacktiv’s blog.
PS4: Webkit exploit released for 6.xx, could potentially work on 7.xx - Wololo.net