Recent Webkit vulnerability hits PS4 6.02
Hacker Vultra has shared a proof of concept of a semi-recent webkit vulnerability, which seems to impact the latest PS4 firmware 6.02.
More precisely, the bug impacts recent versions of the Webkit engine on PS4 6.00 and above, up to the 6.10 Beta. Firmwares 5.xx and below are apparently not vulnerable, possibly because their version of Webkit doesn’t have the vulnerable function.
The vulnerability itself (a bug in JSC::arrayProtoPrivateFuncConcatMemcpy, the fast memcpy path used by Array.prototype.concat in JavaScriptCore) was first detailed on externalist’s github about 4 months ago. It has been assigned CVE-2018-4538, and another detailed writeup (from September) on the vulnerability and how it is exploitable in Safari can be found here.
The vulnerability was fixed upstream in Webkit several months ago, but the patch apparently has not made it into the PS4’s Webkit build yet.
There is no doubt that Sony will ultimately bring the fix to their Webkit implementation. Additionally, usermode exploits such as webkit exploits are historically not useful “as is” on modern consoles*: code execution inside the sandboxed browser process is typically just used as an entry point for privilege escalation (kernel exploits or Jailbreaks). Therefore, the chances of this becoming more than a proof of concept are very slim.
With that being said, if you are running PS4 firmware 6.00 or above, you can try the proof of concept by pointing your PS4 browser to https://c0rpvultra.github.io/PS4_jsc_ConcatMemcpy_POC/.
* In the good old days, a usermode exploit could give you a reasonable homebrew loader (cough, cough), which would support a majority of homebrews.