New Webkit Exploit found for Vita and maybe Playstation 4
Today, we got some interesting news about a new vulnerability on Webkit of Vita and possibly Playstation 4. Unfortunately it is patched on Vita 3.50 firmware but it is still good news for people on 3.3x firmwares.
It is not unlikely to have code execution from the Webkit exploits on game consoles. There is already several code execution methods through Webkit on 3DS and there is an announced kernel exploit for Wii-U again through Webkit. Of course every handheld/console has a different architecture but Webkit seems to have a great potential for exploiting current generation handhelds/consoles.
It has been about 6 months since we first heard about a webkit exploit for Vita. After that we have seen several applications of it, like the Pong and the Package Installer for webkit. Also there is a lot of progress through Vitasploit. Unfortunately, this webkit vulnerability was patched on 3.30 Vita firmware and 2.00 Playstation 4 firmware.
This new vulnerability works on Vita 3.3x firmwares and possibly on Playstation 4 firmwares up to 2.50, though this exploit on Playstation 4 has not yet been confirmed. Its CVE ID is CVE-2014-1303. Initially discovered by Liang Chen of Keen Team, the exploit has been ported to the Vita by hacker xyz. It is great that now 3.3x Vita firmware users will have a chance too if a native Vita hack arises from Webkit exploits.
Here is the Vitasploit ported to this vulnerability for 3.36 firmwares. Expect to see it added to the official repo soon. It will probably be ported to other 3.3x firmwares too.
Source xyz on /talk you’ll find more info and can say thanks directly to the man.