Rumors that hacker qwertyoruiop has a proof-of-concept WebKit exploit for the PS4 started spreading through the scene earlier today.
Playstationhax report that the hacker’s recent work on a use-after-free WebKit exploit is compatible with the PS4. The author on playstationhax (whom I have to assume is GregoryRasputin?) implies that the exploit works on the PS4, on the latest firmware 3.50.
Qwertyoruiop himself hasn’t been so specific. On Twitter, he actually seemed to say he wasn’t sure whether the exploit would work on the PS4 at all. Apparently the code does crash the PS4, but based on his post it is not clear whether that crash is an exploitable one (a genuine memory corruption) or just the browser running out of memory:
also bug seems to trigger on ps4- but it’s impossible to distinguish between OOM and segfault on ps4 :/
Qwertyoruiop is a trusted dev of the iPhone hacking scene, and has also been credited in the past for helping CTurt on the PS4 kernel exploits.
Some details on the vulnerability are publicly available on the WebKit GitHub, so people with the right set of skills should be able to confirm whether it works. A sensible approach would be to try the exploit first on firmware 1.76, where some (albeit limited) debug tools exist, rather than working on a proof of concept in the dark directly on 3.50, where a crash cannot easily be told apart from an out-of-memory condition.
Qwertyoruiop stated on twitter he would upload the exploit some time later.
Note that his work is currently focused on the iPhone, so it is not certain that the PoC he plans to upload will actually work on the PS4. But that’s the magic of WebKit: since many devices rely on it, a vulnerability in the web engine means several devices may share the same bug, provided their WebKit builds contain the vulnerable code. Again, though, the hacker has provided no confirmation that anything is in the works for the PS4, let alone that he plans a release.
Getting a public exploit running on the latest PS4 firmware, 3.50, would nonetheless be a big step for the scene.
A WebKit exploit such as the one described here, however, would not instantly turn firmware 3.50 into the “golden” firmware of PS4 hacking: it would only give us code execution inside the WebKit (browser) process, and an additional privilege escalation (a kernel exploit) would be required to get full access on PS4 3.50, as is possible today on firmware 1.76. On firmware 1.76 this is achieved through a combination of a WebKit exploit and the dlclose kernel exploit.
The dlclose kernel exploit also runs on some 2.xx firmwares, and by the same token a kernel exploit found on 3.50 would, in theory, give kernel access to people running 2.00 and the like as well, as long as the underlying bug is present on those firmwares too.
In the meantime, the release of a 3.50 WebKit exploit sounds more and more like a question of “when” and “who” rather than “if”.