Major security issue (url spoofing) found on the Vita browser

wololo

46 Responses

  1. Zyphs says:

    So if I turn off javascript will it counter that risk or does the browser have a major flaw that I can’t counter?

    • wololo says:

      Turning off javascript will remove the problem but seriously impact your browsing experience on many sites.

      • Zyphs says:

        Ok, thanks, I thought there was something stupid like you can’t turn off javascript because the vita browser was poorly coded or something.

        • wololo says:

          Oh…errr, well it’s actually possible, I didn’t check if the option is actually available…
          edit: yeah, it’s possible to deactivate javascript on the vita browser

  2. Will says:

    Thanks for the heads up. Will avoid purchasing anything from Sony. See if that motivates them enough to pull their finger out and patch this ASAP.

  3. gunblade says:

    Was thinking about the browser, probably the same for the other vitas or is the rwo o two updates different

  4. Miotepx says:

    Well, that’s useful to know.

  5. gunblade says:

    The update 2.____ was mostly a network update, I guess the 1.—- must have mostly been the emulator.

  6. Tha boss says:

    Is this problem only on the new browser or also on the old psp version?
    Because then we would be able to use the psp browser as Total_Noob brings out his TN-V with a working browser.

  7. quetz says:

    this is horrible sony -____-

    • hgoel0974 says:

      Sony can’t do anything about it, it isn’t sony’s fault, it probably is in webkit (which most if not all modern web browsers are based on)

      • wololo says:

        I disagree. The issue is probably a webkit issue (the same vulnerability was reported for iPhone a long time ago), but Sony’s problem is that they are not updating to the latest version often enough. Last time I checked, their build was based on a 2 year old implementation of webkit, the one used in Android 2.1.

      • gunblade says:

        ? shittier than the ones they have on their phone. Sony needs an update, thought they were working on a full size update not a 2.— patch update but I guess till they’re done with 2.Ooz update they’re on 2.— patches, which is shitty cuz even their first 2series update patch had update save problems. ?Was it the same for older vita internet browsers.

  8. The Z says:

    You can avoid this bug, even at a lower firmware (like 2.02):

    http://www.youtube.com/watch?v=YuVWicediUc

  9. Killface says:

    ahhh nuts, i just upgraded my vita like literally 5 minutes ago… >:(

  10. clicks says:

    heck, it’s not Sony’s money that could be lost so why would they put in any effort at all?

    Laziest developers on earth, they make DS flash cart makers seem on top of things.

  11. hgoel0974 says:

    Interesting read, when I looked at it I was like OMG, the TIFF exploit thing is happening all over again! until I read “possibility to spoof the url”, we really need some random guy at google to find a remote code execution vulnerability :lol:

  12. b2p1mp says:

    I wonder if that .js gamesite that was spammed all around here is using the exploit?

    • b2p1mp says:

      I suppose I could do some sniffing and see if there are any redirects happening on my vita. I think ethereal/wireshark/ or maybe even a web debug proxy could shed some light.

  13. oO Flowzila Oo says:

    Do they really want to go through this again?

  14. Negrodamus says:

    If someone could come up with something to run 20 year old console games with this, it would be fixed in no time.

  15. Asmith906 says:

    So has anyone actually reported this to sony or are we just going to sit here and complain?

  16. Really sony? says:

    Dear sony…please patch the security problems. After that please make a contract with adobe or replace your vitaos with android. ps: become international so I can buy games
    sincerely,f*ck you

  17. Asmith906 says:

    Any way this could be patched without a firmware update? Oh who am I kidding everything requires a firmware update :(

  18. mb123 says:

    Ohhhh , not another update … I don’t care about this url spoofing b*11sh1t

  19. Lai says:

    that’s really alarming.. now sony will have another issue on this one and if the authorities will be able to find out, sony is in big trouble AGAIN..

    thanks for informing us wololo

  20. vextype-0 says:

    wow this sucks, I’m glad I didn’t update :) I got uno running my iso and homebrews etc, cwcheat and tempar, yeah baby tn-v :)

  21. gunblade says:

    Nice, somebody said something. I usually check the url for most phishing but can’t tell much on the vita.. they should have used opera like the psp or something, firefox would be old school….wish the vita was more like two Vaio UX just lighter n mean azz a dell hybrid just a lil smaller but battery life nice..

  22. poec says:

    Keep calm and browse on your laptop… or smartphone…

  23. gunblade says:

    So I ended up getting uno so that’s a nice price. Need more vita games.

  24. Carlos says:

    sony is going to use this as a way to blackmail us. The only way to have a secure system is to buy their stupid trend micro security or update and lose homebrew

  25. Carlos says:

    Hmm Is this possible? I don’t know if anyone here remembers or knows about how the nds hacking scene used to be really big, they had custom made flashkarts that were hard disk replicas of normal ds games that could contain custom firmwares allowing homebrew and even actual roms. Can this be done to the vita by creating our own exploitable game or putting the custom firmware itself onto a hard disk?

  26. wololo says:

    Nope. They got contacted a month ago. Security issues that critical should be fixed within 48h.
