PS4 Webkit FontFace vulnerability: Sleirsgoevy publishes new Proof Of Concept, asks for tests with firmware 9.00
PS4 scene developer extraordinaire Sleirsgoevy has been working on the recently revealed Webkit FontFace vulnerability, trying to turn it into an actual exploit. Today he’s published a new Proof of Concept that takes the vulnerability further (link below). Although it’s not a full-fledged exploit yet (and, according to him, only works on PC – that is, an unpatched Safari – for now), it shows significant progress in the right direction for the vulnerability.
Even if the code only allegedly “works” on PC (Safari) for now, Sleirsgoevy is expecting people to test this on the PS4, particularly firmware 9.00, to see what results we are getting (test url below).
PoC for the FontFaceSet vulnerability, which was wrongly classified as a use-after-free. Works only on PC for now. Please check if this prints “failed to guess…” for you. Especially interested in reports from 9.00.
— sleirsgoevy (@sleirsgoevy) October 24, 2021
PS4 Webkit FontFace vulnerability a tough nut to crack?
So I’m cautiously optimistic on this: on the one hand, there is not an actual working PS4 Webkit exploit yet, on the other hand, this looks like it’s definitely exploitable.
Keep in mind that a webkit exploit in itself is not directly useful for the end user. It needs to be coupled with a privilege escalation (a.k.a. a kernel exploit) to lead to a full PS4 Jailbreak. Currently, there is no publicly known kernel exploit for firmware 8.xx and above; 7.55 is currently the highest exploitable firmware version.
If you test the exploit on your PS4 right now, you’re likely to encounter a “failed to guess fontface addr” or “not enough system memory” error. Those are not necessarily a bad sign; they just indicate that the script needs to be (heavily?) tweaked to work on the PS4.
Download/Test the Webkit FontFace PoC on your PS4
If you want to test this on your PS4, point your browser to http://vdsina.sleirsgoevy.dynv6.net:8081/
You can also download the PoC here.
Fingers crossed that this leads to something good.