New Webkit vulnerability might impact PS5
Scene developer abc has published a proof-of-concept crash based on a 2023 vulnerability in Webkit. Early tests seem to indicate it works on firmwares 5.xx, 6.xx, and 7.xx, which could be good news for people who have been waiting for an entry point on digital PS5 editions to trigger the recent UMTX kernel exploit (which should work up to 7.61, but has so far lacked an entry point, in particular on digital PS5 editions).
PS5: CVE-2023-28205 Webkit vulnerability
A few days ago, PlayStation hacker abc shared a proof-of-concept crash based on a 2023 Webkit vulnerability. The vulnerability itself is a use-after-free bug initially discovered by security researchers at Google. The issue was fixed last year by Apple in the Webkit source code after being reported, but it possibly impacts older firmwares of the PS5, potentially up to 7.61 or above.
The issue was assigned CVE id CVE-2023-28205. From Apple’s report:
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Actual useful details on the CVE bug (and how it was patched) can be found here.
Source code for the PS5 PoC can be found on ntfargo’s github here. (Specifically, this file contains the actual PoC.)
Testing the vulnerability on your PS5
For those willing to test, Zecoxao has put the files on a server that you can point your PS5 to (using typical DNS trickery): https://zecoxao.github.io/ntfargo/
test it please on ps5 digital 6.xx, 7.xx https://t.co/gDeOtD8q4g
— Jose Coixao (@notnotzecoxao) November 30, 2024
If you’re new to the world of console exploits, prepare of course to be underwhelmed. These are just early tests to check whether or not the vulnerability has some legs. If the crash triggers, your console will ultimately display an “out of memory” (OOM) error message or something along those lines.
Now, it is worth reminding everyone that an “out of memory” error message in your PS5 browser is, in 99.99% of the cases, absolutely not an indication that you have an exploit on your hands. In this case however, abc has preemptively replied to that question by confirming some memory corruption is indeed happening before the OOM message triggers:
Awesome stuff! I jumped the gun and bought Hamidashi Creative disc for a permanent LUA entry point but this is nice.
So it is safe to assume that a kernel exploit is WIP for any firmware 7.6.1 and below?
So many updates! So thrilled! 😀
What about PS4?
Most likely impacted as well