Following the Talos WebSocket vulnerability, their This is for the Pwners PS4 WebKit exploit, the Synacktiv PS4 WebKit port fork with the resulting PS4 WebKit / kernel exploit, the PS5 SMAP bypass vulnerability and this weekend's PS4 & PS5 dev kit leaks, security researchers abu_y0ussef and 0xdagger of Synacktiv recently gave a presentation titled You got a Trophy: Jailbroken PS4 at SSTIC 2021, recapping their PS4Scene findings (PDF File / GIT) first unveiled at Black Hat Europe 2020. The slides include a closing third slide commenting on a Tweet by @sleirsgoevy (Twitter).
From the presentation page, here is a brief description, roughly translated: You got a trophy: Jailbroken PS4 – Mehdi Talbi, Quentin Meffre on June 02, 2021 at 2:45 p.m. – 30 min.
The PlayStation 4 browser is arguably the most targeted attack surface for a console jailbreak. However, the hardening techniques enjoyed by current browsers coupled with the lack of debugging capability make it difficult to exploit bugs on the latest PS4 firmware.
This presentation details the exploitation strategy we adopted in order to exploit a 0-day vulnerability in WebKit. This is a Use-After-Free vulnerability which initially only offers limited primitives. However, thanks to a weakness identified in ASLR, it was possible to exploit this vulnerability leading to the first public jailbreak on version 7 of the PS4.
This is for the Pwners: Exploiting a WebKit 0-day in PlayStation 4
Cheers to @oneman123 for the heads-up on this via Twitter earlier on!