PS5/PS4: New Webkit vulnerability seems to impact PS4 Firmwares 8.00 to 10.01, and PS5 1.00 to 6.50

A new Webkit vulnerability was disclosed by Google’s Project Zero team. Although it’s too early to say if this could be leveraged for a future exploit on PlayStation consoles, early reports seem to confirm both the PS4 and PS5 are impacted, up to the latest firmwares. This still needs further verification at this point.

PS5 and PS4 Webkit Vulnerability

Google's Project Zero team focuses on zero-day vulnerabilities in software with a large audience. This includes Webkit, the browser engine behind a large share of today's web browsers, including the ones used on PS4 and PS5.

Webkit vulnerabilities have been used in the past as an entry point for PS4 and PS5 exploits, including the recent PS5 Hack.

This new vulnerability was disclosed by Project Zero on 2023-Jan-13. It is a use-after-free bug in Webkit's CSS handling, in CSSCrossfadeValue::crossfadeChanged.


The Proof of Concept on the PS5 6.50 Browser

Webkit CSSCrossfadeValue::crossfadeChanged vulnerability apparently impacts PS4 10.01 and PS5 6.50

Zecoxao has asked people to test the vulnerability, and folks are reporting that “it works”, as the proof of concept (which can be found here) displays a “1”.

To be 100% transparent here, looking at the PoC I'm not entirely sure that showing "1" means a given browser is vulnerable, and I don't know that anybody has confirmed the expected behavior, so that will need to be double-checked. That said, on some systems (e.g. my Chrome on Windows) the page doesn't display anything at all, so at the very least there is some difference in behavior between browsers, which, for the purposes of confirming a vulnerability, is a good sign.

Echo Stretch has a video showcasing the PoC running on multiple systems:

You can test the vulnerability on your own console by going to http://es7in1.site/test.html. Again, at this point, I’m not sure anybody has confirmed 100% that displaying a “1” on the page (or not displaying it, for that matter), is proof that the system is vulnerable. I’ll update as soon as I have details on that.

If the vulnerability turns out to actually be something worth investigating, Sleirsgoevy will be looking into it, according to Zecoxao.

Details on the CSSCrossfadeValue::crossfadeChanged Webkit Vulnerability



This news is republished from another source. You can check the original article here
