SpecterDev publishes writeup on the PS4/Webkit 5.02 exploit (setAttributeNodeNS)
Developer SpecterDev, following what is now becoming a tradition on his site, analyzes a recent PS4 exploit and explains it for us.
In this case, the developer discusses the PS4 5.02 webkit exploit (it was patched in firmware 5.03), currently used as an entry point for the PS4 4.55 Jailbreak. The exploit relies on a bug in setAttributeNodeNS, which led the developer (with help from Qwertyoruiop) to successful userland execution on the PS4.
The bug, being in Webkit, impacts more than the PS4, but was disclosed and patched a while ago on most systems, after being initially disclosed on chromium about a year ago.
The writeup aims at being clear for people who want to understand how Webkit exploits can work. SpecterDev qualifies the exploit as “trivial” for a seasoned attacker, but “challenging” for people who are new to it. It’s a good idea to go through Specter’s explanation if you are interested in knowing how these exploits are typically found, and have the right technical background.
The full writeup here.