exploit for firmware 7.02 and earlier

Unlike what was achieved with PS3, currently downgrade to PS4 firmware is not possible, so once you upgrade to a later version than the one with vulnerabilities, you cannot go back to the previous version. Therefore, if you have firmware prior to 7.02, you may be in luck. Unfortunately, you always need to have the latest version to play online with PS Plus, but if you don’t play online you may have had no incentive to upgrade the console.

Firmware prior to 6.72 required to take advantage of both exploits

This has been announced @ theflow0, which informed Sony of the existence of an exploit in the console kernel. This vulnerability is present in version 7.02 released in December 2019. Since then, Sony has only released two updates: one on April 17 (7.50) and one on May 27 (7.51). The exploit was patched at 7.50.

A few months ago a vulnerability was discovered in firmware 6.20, but finally it seems that it did not amount to anything. This one looks much better, since it looks more serious and affects a newer firmware such as 7.02. This kernel exploit works in conjunction with a WebKit exploit as an introduction vector, which only exists in versions 6.72 and earlier. Therefore, it will be necessary to have a firmware version 6.72 or earlier to be able to enter the exploit. If you are between version 6.72 and 7.02, do not be discouraged, as it is very likely that later you will find another exploit in WebKit that allows the introduction in versions up to 7.02. The version after 6.72 was 7.01, released on December 11, so there may even be consoles for sale that still have the previous firmware.

The community of homebrew on PS4 A few days ago, he feared that hackers would stop publicly reporting PS4 exploits, since Sony’s rewards program is quite greedy and such a vulnerability can be paid for up to $ 50,000. However, it seems that Sony has no problem in that the vulnerabilities are published once they have been reported and patched, as they have commented in the hackerone post.

Sony has paid $ 10,000 to the discoverer of the vulnerability

That’s what Andy Nguyen (@ theflow0 on Twitter) has done, who discovered vulnerability on June 9, 2019. Subsequently, he reported it to Sony, who informed him on March 26 that they were going to pay him $ 10,000 as a reward for finding fault. Interestingly, the ruling was considered to be “High” rather than “Critical”. It would be curious to see what they consider critical, because this failure allows hacking of PS4.

This is a major change of heart on the part of Sony, since instead of suing those who manage to find exploits for their console, as happened with GeoHot and PS3, they now reward them properly.

In short, it is expected that in the coming days and weeks a jailbreak for PS4 that allows homebrew to run. We’ll be alert.

Leave a Reply

Your email address will not be published. Required fields are marked *