PS4: possible 8.52 exploit incoming? CTurt sets the scene on fire
Hacker CTurt dropped a mini bomb on the scene by announcing he has received a $10k payment from Sony’s bug bounty on HackerOne. Rumors are spreading like wildfire that this could be an exploit for PS4’s latest firmware (8.52, excluding the ongoing 9.0 beta). The hacker hasn’t confirmed or denied the rumors yet.
PlayStation joined the HackerOne bug bounty program a bit more than a year ago. The move has been bittersweet for the scene: while some of the major Jailbreaks of the past year came out of a full disclosure from the program (the recent 7.55 and 7.02 exploits were both based on submissions to the bounty program, both by TheFloW), the vast majority of reported exploits have been silently patched.
Is a PS4 8.52 Kernel Exploit incoming for the scene?
A $10k bounty on Sony’s platform is awarded for “high” to “critical” exploits. Knowing CTurt’s history with PS4 exploits, there’s no question that he could very well have found a new kernel exploit. CTurt is behind multiple kernel exploits on the PS4 that have led to Jailbreaks in the past (namely, the badIRET and dlclose exploits back in 2016).
In other words, the hacker was a driving force of the PS4 scene 5 years ago. But PlayStation wasn’t on the HackerOne bounty program then. That was then, and this is now. Whether or not CTurt wants to disclose his exploit, being allowed full disclosure might not entirely be his choice.
Additionally, no details have emerged from this except the hacker himself saying he was approved for the bounty.
Just heard from PlayStation that I’ve been awarded a $10k bounty, thanks! 👀
— CTurt (@CTurtE) August 19, 2021
In particular, no information has surfaced on the HackerOne site about this vulnerability yet. People have jokingly stated that this could be a PS2 exploit (CTurt has “recently” released one), but the hacker mentioned older consoles are explicitly out of scope of the bounty program. So, this is definitely PS4 related (I’ll eat my shoe if this turns out to be PS5). But again, no hint of a release/disclosure.
Nonetheless, friendly neighborhood Zecoxao is advising people not to upgrade to the latest 9.0, and has been pushing the rumor a bit further into confirmation territory, by stating this is “probably” an 8.52 exploit. Zecoxao has close ties with most hackers on the scene, and might know something we don’t.
probably an exploit patched on 9.00 ps4. probably kernel. stay on 8.52 if you’re there! if you’re on 7.55 or below, DO NOT UPDATE!
— Nagatoro (@notzecoxao) August 19, 2021
Now, whether this is indeed an 8.52 exploit or not, it is important for people to stay calm. If confirmed to be an 8.52 vulnerability, there are a lot of things that would need to happen for this to turn into a release, in particular:
- The exploit actually needs to be disclosed. Nobody has confirmed or denied whether this would happen at this point.
- The scene needs a user-level entry point, such as a WebKit exploit, to be able to even launch the kernel vulnerability. We do not have that at the moment.
- All of this needs to be bundled in a user-friendly exploit. For the 7.55 exploit we’ve seen that this could sometimes take months, even when all the pieces are here.
So, take all of this with a huge bucket of salt for now, and stay tuned.
Fiiiiirst!!!
I’ll get you next time, Gadget, next tiiiiime!
Nob
Holy ***, it’s the man, the legend, the myth incarnate…… Firstus.
You keep going, keep being First.
Suppose this is true, what triple A titles are there if any that requires 8.52 to play?
Being first this guy thinks it’s 2003 what a loser
Great news for the scene . . . Maybe ?
Hope that the bounty reason will be disclosed soon.
Excellent! Maybe news soon?
If this is an 8.52 exploit, they won’t release details until 9 is released and a lot of consoles are automatically updated would be my guess.
Now we need PS5…
Does anyone know if there’s a way to connect to PSN without updating firmware in PS5? or at least if there’s a way to update games without updating firmware?
impossible, you can’t on ps4, much less on ps5
Only when an update is the minor one like sometimes on PS4 and it is not required by SEN to log in into every net service.
cold war yeah
What if i am on 8.00 ?
No go until new exploit, would hold off any updates.
I need some advice. I’m on 8.00 and should I stay there or should I update now? Sorry, I put my ps4 away in the shed. Don’t want to take it out now unless there is a golden opportunity. I’m not good with complex updates using pc, download pup and install on usb. I want to take the simple way, like update direct from the ps4 console before FW 9.00 appears. Anyway, should I update to 8.52 now or just stay there for safety and do a complex update through usb when jailbreak is available?
stay there at 8.00 and don’t be an idiot, it’s as easy as watching YouTube to update by usb, it will only take you 30 seconds to do it
lol I’m still on 5.05
I too enjoy only playing old games
The vast majority of PS4 games have been back ported to 5.05 AFAIK
I’m still on 4.05 lol
can’t wait 7.55 is pain in the *** I can’t even install any updates
Damn, I am willing to pay $10,000 to anyone finding and publishing a working kernel 8.52 exploit!
Seriously.
I am also certain lots of people will be more than happy to have a scene bounty that will be worth the hacker much more than this amount.