PS4 8.xx exploit: Sony closed some critical bugs via their bounty platform recently. Can this be good news for PS4 8.00, 8.01, 8.03, 8.50 owners?
PS4 8.xx Jailbreak ETA Wen?
We’re seeing a stream of closed vulnerability reports on PlayStation’s bounty page…
A bit less than a year ago, Sony’s PlayStation branch joined bounty platform HackerOne. Hackers can legitimately submit vulnerabilities to Sony, get paid for it, and discuss a proper disclosure process with the PS4 manufacturer.
When this was announced last year, I had mixed feelings about it, as I was concerned this would reduce the chances of getting jailbreaks for the PS4. I was proven wrong, to some extent: the recent 7.55 and 7.02 exploits were both based on submissions to the bounty program (both by TheFloW). Sony gets to strengthen their platform on the latest firmware for 99% of their userbase, while tinkerers who chose to stay on a lower firmware have a good chance at getting a jailbreak eventually.
It all depends on disclosure actually happening, though, and the signs on that front are not good so far.
Over the past week, we’ve seen a good number of vulnerability reports being closed on Sony’s bounty page. But all of them are marked as “undisclosed”, which is annoying.
I’d love to show hope that some of them will be disclosed later on, but that doesn’t seem to be how the platform works: when a ticket gets closed, that’s it. As a matter of fact, a quick look at the list of bounties shows that so far, fewer than 5% of the vulnerabilities reported to Sony have then been disclosed on the HackerOne platform. This makes TheFloW’s disclosures the exception, not the rule.
Probably the most interesting of the recently closed vulnerabilities is a $10,000 bounty attributed to scene hacker Znullptr. That level of bounty smells like a kernel exploit to me. But nothing tells us whether this will be disclosed or not.
PS4 8.50 Jailbreak a possibility?
For people on the latest firmware, it’s guaranteed those recent bugs are patched on their device. So 8.50 PS4 owners will probably have to wait longer than anybody else for a Jailbreak, as is always the case.
But what are the chances for people on 8.00, 8.01, 8.03? At this moment it’s tough to say, unless some of these reports switch from “undisclosed” to something more interesting in the days or weeks to come, or if one of the hackers who reported a vulnerability has separate disclosure plans. There’s also the slim hope that SpecterDev found some kernel vulnerability about a month ago, but he wasn’t sure if it was exploitable at the time, and hasn’t communicated on it recently. This means there is nothing solid yet for people on 8.xx, and your best bet if you’re wanting to Jailbreak your PS4 is to get your hands on a PS4 running 7.55 or lower.
Update: Some interesting comments from sonic44567 below:
It’s wrong to say that when a ticket gets closed, that’s it. According to the guidelines, a report MUST get closed before asking for disclosure. You can ask for disclosure ONLY AFTER the report is closed. That’s because a report is closed only when it’s fixed (indeed this bug is fixed with 8.50).
Therefore TheFloW’s disclosures are no exceptions.
The other thing is that Znull already talked about this bug on the OpenOrbis Discord and he said that it’s not something useful ‘directly’, so he probably won’t disclose it. At least that’s what he said 3 months ago; if he changed his mind, idk.
As always, stay tuned to our PS4 Jailbreak page for more updates.