PS4 8.xx exploit: Sony closed some critical bugs via their bounty platform recently. Can this be good news for PS4 8.00, 8.01, 8.03, 8.50 owners?
PS4 8.xx Jailbreak ETA Wen?
We’re seeing a stream of closed vulnerability reports on PlayStation’s bounty page…
A bit less than a year ago, Sony’s PlayStation branch joined bounty platform HackerOne. Hackers can legitimately submit vulnerabilities to Sony, get paid for it, and discuss a proper disclosure process with the PS4 manufacturer.
When this was announced last year, I had mixed feelings about it, as I was concerned this would reduce the chances of getting jailbreaks for the PS4. I was proven wrong, to some extent: the recent 7.55 and 7.02 exploits were both based on submissions to the bounty program (both by TheFloW). Sony gets to strengthen their platform on the latest firmware for 99% of their userbase, while tinkerers who chose to stay on a lower firmware have a good chance at getting a jailbreak eventually.
But it all depends on disclosure actually happening, and that part is not a good sign so far.
Over the past week, we’ve seen a good number of vulnerability reports being closed on Sony’s bounty page. But all of them are marked as “undisclosed”, which is annoying.
I’d love to hold out hope that some of them will be disclosed later on, but that doesn’t seem to be how the platform works: when a ticket gets closed, that’s it. As a matter of fact, a quick look at the list of bounties shows that so far, less than 5% of the vulnerabilities reported to Sony have then been disclosed on the HackerOne platform. This makes TheFloW’s disclosures the exception, not the rule.
Probably the most interesting of the recently closed vulnerabilities is a $10,000 bounty attributed to scene hacker Znullptr. That level of bounty smells like a kernel exploit to me. But nothing tells us whether this will be disclosed or not.
PS4 8.50 Jailbreak a possibility?
For people on the latest firmware, it’s guaranteed those recent bugs are patched on their device. So 8.50 PS4 owners will probably have to wait longer than anybody else for a Jailbreak, as is always the case.
But what are the chances for people on 8.00, 8.01, 8.03? At this moment it’s tough to say, unless some of these reports switch from “undisclosed” to something more interesting in the days or weeks to come, or one of the hackers who reported a vulnerability has separate disclosure plans. There’s also the slim hope that SpecterDev found some kernel vulnerability about a month ago, but he wasn’t sure if it was exploitable at the time, and hasn’t communicated on it recently. This means there is nothing solid yet for people on 8.xx, and your best bet if you want to jailbreak your PS4 is to get your hands on a PS4 running 7.55 or lower.
Update: Some interesting comments from sonic44567 below:
It’s wrong to say that when a ticket gets closed, that’s it. According to the guidelines, a report MUST get closed before asking for disclosure. You can ask for disclosure ONLY AFTER the report is closed. That’s because a report is closed only when it’s fixed (indeed this bug is fixed with 8.50).
Therefore TheFlow’s disclosures are no exceptions. The other thing is that Znull already talked about this bug on the Open Orbis Discord and he said that it’s not something useful ‘directly’, so he probably won’t disclose it. At least that’s what he said 3 months ago; if he changed his mind, idk.
As always, stay tuned to our PS4 Jailbreak page for more updates.
Checked my old PS4 when I left it for the Pro, still 8.05 🙁
Oh well, I have time to wait.
Is it true the PS4 has a killswitch if running unsigned programs on the system?
Not true, thousands are running unsigned code without an issue.
5.05 for me
Uhh, thank GOD. I have been on 8.00 for about 8 months or more and regret updating from 7.55. I wasn’t aware of the homebrew community back then. Really want to test that PSXITA Linux distro, maybe use it as my daily PC!
Same
Sorry Wololo, but many things in this article are not true.
It’s wrong to say that when a ticket gets closed, that’s it. According to the guidelines, a report MUST get closed before asking for disclosure. You can ask for disclosure ONLY AFTER the report is closed. That’s because a report is closed only when it’s fixed (indeed this bug is fixed with 8.50).
Therefore TheFlow’s disclosures are no exceptions.
The other thing is that Znull already talked about this bug on the Open Orbis Discord and he said that it’s not something useful ‘directly’, so he probably won’t disclose it. At least that’s what he said 3 months ago; if he changed his mind, idk.
Thanks, that’s some very good points. I’m updating the article to mention your comments.
Wow, it’s great that you’re open to comment suggestions.
Imho the article should be rewritten, because right now it’s a bit misleading. You can also add some details he spilled about it on Discord (not many, for obvious reasons). For example, he said that the bug regards a file loaded into memory in a kind of secure area. He also said that with a lot of chaining and another kex, theoretically a semi-permanent exploit is achievable.
But I don’t want to talk for him, maybe you can contact him and try to get an interview with him, like you did with SpecterDev. It would be cool af. Znull is a great guy!
I can’t find him on Discord, can you tell me where I can find his thoughts on Discord?
Yes Wololo, an interview with him would be great!
Al Azif posted on her Twitter on May 5th that she did the obvious and reached out to znull about this. znull said it’s not what you think it is, and it won’t be disclosed. So that’s something more recent about this… and it confirms what was said 3 months ago, and Al Azif is pretty dependable, so. You can look on Al Azif’s Twitter for the supporting info.
My PS4 is on 8.03 FW. I’m thinking of not updating it since there might be an exploit for it someday.
Next 5 years… Muahahaha
Then run and update your console to 8.50.
lol, people want all the CFW but don’t want to put in the effort or money to make it happen.
I would pay for a cfw. Easily
The majority don’t, which is why bounties get all the submissions.
An 8.03 kernel exploit is coming; it’s just that not even a rumor can be leaked due to Sony’s payment rules.
Not completely true, but you ain’t wrong: most of them are useless or too hard or too messy/slow/whatever to be useful enough. Sony wants them closed so you don’t lose info or get your console bricked by some kids with a strong exploit. Many of our known hackers are good guys who share so that the scene can evolve and make more and more stuff.
I would pay for a cfw too.
Meh, all the assumptions. I bet none of you has any single idea about the so-called “submissions”. I worked with HackerOne, and from reviewing reports, NONE of them are updated. Most if not all of the submissions are either old or just outdated general stuff. A tinkerer isn’t that wack to just submit new finds just to ruin his fun; even I myself won’t do that just for the sake of easy money, when there are already other means to get easy money.
Go hacker!!!
TBH I am tired of the current exploits. I would kill to get a stable CFW even on a firmware like 5.XX rather than an 8.XX exploit.
on 8.xx the exploit is called netcat-studio …
you can send any media type for playback …