PS4 Webkit FontFace vulnerability: Sleirsgoevy publishes new Proof Of Concept, asks for tests with firmware 9.00

PS4 scene developer extraordinaire Sleirsgoevy has been working on the recently revealed Webkit FontFace vulnerability, trying to turn it into an actual exploit. Today he published a new Proof of Concept that takes the vulnerability further (link below). Although it is not a full-fledged exploit yet (and, according to him, only works on PC – that is, an unpatched Safari – for now), it is significant progress toward a working exploit.
Even though the code, by his own account, only works on PC (Safari) for now, Sleirsgoevy is asking people to test it on the PS4, particularly on firmware 9.00, and report the results they get (test URL below).
https://t.co/AvVlmQtN5b
PoC for the FontFaceSet vulnerability, which was wrongly classified as a use-after-free. Works only on PC for now. Please check if this prints “failed to guess…” for you. Especially interested in reports from 9.00.
— sleirsgoevy (@sleirsgoevy) October 24, 2021
PS4 Webkit FontFace vulnerability a tough nut to crack?
My uneducated take on this is that Sleirsgoevy wouldn’t have published “early work” if the vulnerability was easy to exploit. Looking at the JavaScript code embedded in the page, this is turning out to be a game of guessing where the “malicious” font ends up in RAM, which means stability of the exploit might be a problem if the hacker eventually gets it to work on PS4.
So I’m cautiously optimistic on this: on the one hand, there is no actual working PS4 Webkit exploit yet; on the other hand, this looks like it’s definitely exploitable.
Keep in mind that a Webkit exploit in itself is not directly useful for the end user. It needs to be coupled with a privilege escalation (that is, a kernel exploit) to lead to a full PS4 Jailbreak. Currently, there is no publicly known kernel exploit for firmwares 8.xx and above; 7.55 is the highest exploitable firmware version at the moment.

If you test the PoC on your PS4 right now, you’re likely to encounter a “failed to guess fontface addr” or “not enough system memory” error. Those are not necessarily a bad sign; they just mean the script needs to be (heavily?) tweaked to work on the PS4.
Download/Test the Webkit FontFace PoC on your PS4
If you want to test this on your PS4, point your browser to http://vdsina.sleirsgoevy.dynv6.net:8081/
You can also download the PoC here.
Fingers crossed that this leads to something good.
Source: Sleirsgoevy
Fiiiirst
keep going Firstus
I’ve ruined these comments lol I’m the original silly billy I use to put my name as things like firstus sucks now everyone copies my name lol
I’ve ruined these comments lol I’m the original silly billy I use to put my mouth on things especially other peoples co…..cks
I’ve ruined these comments lol I’m the original silly billy I use to put my name as things like firstus sucks now everyone copies my name lol
third i guess, better than losing your name like silly billy
Look again, you’re SEEECOOOONDDDD
nice, some comment got deleted
Most people of course updated to 9.00 and only some stayed as low as 8.00, like me. I understand, but still, it could be a better chance if testing on lower FW like 8.00 for some chances, maybe, just maybe.
Can it do 4K?
Mine on 9.0 says there is not enough system memory.
This was definitely tied into/related to the iOS jailbreak that just dropped yesterday, just like I thought. The fact that he just made this PoC and dropped it literally right after Linus dropped his iOS exploit, duh… that’s good news, people. That iOS exploit is supposed to be something big. At least I am jailbreaking my iPhone 12 Pro tonight. Here’s to hoping my PS4 will be shortly after (been sitting on 8.03 since I got burned and missed the 7.55 jb a week before it dropped cuz I wanted PSN access to buy a game. Grrrrrrrr)
Not giving an F. The 7.55 exploit is still a trainwreck with a low success rate and constant kernel panics. Make 7.55 useful first, please.
Hi there!! this was cool. thank you for sharing 🙂
bip ba doop ba doop
bapiti bap bap?