The PS4 scene has been doing a bit of detective work to understand the exploits behind the 4.01 jailbreak that was demonstrated yesterday in Shanghai. After the hackers of Chaitin Tech announced they would disclose the exploits to Sony, people were able to find data about the exploit on the FreeBSD mailing list and bug tracker.
Of course, not everyone can do much with this information, but in theory the details of how the bug was fixed should be enough for people with the right set of skills to cause a kernel panic on the PS4. How that is later used to gain control of the PS4 will be left as an exercise to the people who know what they’re doing. Oh, and naturally, you’d also need a user entry point, some sort of WebKit exploit or similar, in order to be able to execute the code in the first place.
The kernel exploit itself apparently relies on a CVE (CVE-2016-1885) that was revealed back in April. It seems that this was not properly patched, and this is one of the flaws the security researchers at Chaitin Tech used to gain access to the PS4 system. The FreeBSD commit message for the follow-up fix reads:
The argument validation in r296956 was not enough to close all possible overflows in sysarch(2)
There are lots of “ifs” here, but with the kernel exploit pretty much in the open, it sounds like a public release is now in the realm of the possible, assuming the right people decide to work on a release.