Douglas Oliveira
Public Legend
Retired Staff
Local Legend
Local Hero
Local Celebrity
Community Elite
Community Veteran
Determined Poster
Active Member
Console ID Poster
Hacker Vultra has shared a proof of concept of a semi-recent webkit vulnerability, which seems to impact the latest PS4 firmware 6.02.
More precisely, the bug impacts recent versions of the Webkit engine on PS4 6.00 and above, up to the 6.10 Beta. Firmwares 5.xx and below are apparently not vulnerable, possibly because their version of Webkit doesn’t have the vulnerable function.
The vulnerability itself (a bug in JSC::arrayProtoPrivateFuncConcatMemcpy) was first detailed on externalist’s github about 4 months ago. It is assigned CVE Number CVE-2018-4538, and another detailed writeup (from September) on the vulnerability and how it is exploitable in Safari can be found here.
The vulnerability has been fixed in Webkit several months ago, but it seems the patch might not have made it to the PS4 yet.
There is no doubt that Sony will ultimately bring the fix to their Webkit implementation. Additionally, user exploits such as webkit exploits are historically not useful “as is” on modern consoles*, where they are typically just used as entry points for privilege escalation (kernel exploits or Jailbreaks). Therefore, the chances of this becoming more than a proof of concept are very slim.
With that being said, if you are running on PS4 6.00 or above, you can give a try to the proof of concept by pointing your PS4 browser to https://c0rpvultra.github.io/PS4_jsc_ConcatMemcpy_POC/.?
More precisely, the bug impacts recent versions of the Webkit engine on PS4 6.00 and above, up to the 6.10 Beta. Firmwares 5.xx and below are apparently not vulnerable, possibly because their version of Webkit doesn’t have the vulnerable function.
The vulnerability itself (a bug in JSC::arrayProtoPrivateFuncConcatMemcpy) was first detailed on externalist’s github about 4 months ago. It is assigned CVE Number CVE-2018-4538, and another detailed writeup (from September) on the vulnerability and how it is exploitable in Safari can be found here.
The vulnerability has been fixed in Webkit several months ago, but it seems the patch might not have made it to the PS4 yet.
There is no doubt that Sony will ultimately bring the fix to their Webkit implementation. Additionally, user exploits such as webkit exploits are historically not useful “as is” on modern consoles*, where they are typically just used as entry points for privilege escalation (kernel exploits or Jailbreaks). Therefore, the chances of this becoming more than a proof of concept are very slim.
With that being said, if you are running on PS4 6.00 or above, you can give a try to the proof of concept by pointing your PS4 browser to https://c0rpvultra.github.io/PS4_jsc_ConcatMemcpy_POC/.?
