1. [​IMG]
    An exploit for the PS4's firmware 7.55 was revealed today by hacking scene member TheFlow. However, it was actually reported back in June 2020 and disclosed only today as TheFlow worked with Sony's HackerOne bounty program to patch this vulnerability. The reported exploit was marked as resolved in October. TheFlow also did similar disclosures with previous exploits he found and helped fix.

    The HackerOne page notes that this vulnerability can cause a "fully chained remote attack" when used with a WebKit exploit, steal/manipulate user data and even dump and run pirated games. As such, it could be used together with the Webkit exploit from last December to jailbreak PS4 systems on firmware 7.55. However, no relevant files have been made publicly available regarding the FW 7.55 exploit with today's disclosure.

    :arrow: SOURCE
     
  2. Discussion (103 replies)

  3. Jiehfeng

    Jiehfeng Netti Netti
    Member

    Joined:
    Aug 15, 2012
    Messages:
    5,172
    Country:
    Sri Lanka
    Wait, so he snitched on us? :P
     
    Ishzark, Immortallix, xalphax and 7 others like this.
  4. Prans

    OP Prans Geek, gamer, human
    Senior Editor

    Joined:
    Apr 22, 2012
    Messages:
    1,697
    well, he found an exploit, gained some cash by reporting it to Sony and even managed to disclose it (later, but if you didn't update your system beyond that FW, you're still good) and the scene can work with that info
     
    Benzter, Cortador, Ishzark and 21 others like this.
  5. Jiehfeng

    Jiehfeng Netti Netti
    Member

    Joined:
    Aug 15, 2012
    Messages:
    5,172
    Country:
    Sri Lanka
    Yeah good point, it still exists so it doesn't matter, hadn't thought of it that way.
     
    KlariNoX, Scott_pilgrim and Daniiw0lf like this.
  6. Xen0

    Xen0 GBAtemp Fan
    Member

    Joined:
    Oct 8, 2015
    Messages:
    499
    Country:
    Germany
    Well... Choose between toxic and ungrateful community (I know this doesn't apply to many but these are the loudest) vs. money.

    +FW up to this point can still benefit from this.
     
    Benzter, Zukov, CallmeBerto and 24 others like this.
  7. Tom Bombadildo

    Tom Bombadildo Dick, With Balls
    Reviewer

    Joined:
    Jul 11, 2009
    Messages:
    13,746
    Country:
    United States
    Good work as always from The Flow, deserves every penny he got from turning it in first. Here's hoping he will find something for 8.0+ eventually as well.
     
    Benzter, Dodain47, DavidinCT and 16 others like this.
  8. spotanjo3

    spotanjo3 GBAtemp Legend
    Member

    Joined:
    Nov 6, 2002
    Messages:
    10,359
    Country:
    Portugal
    I saw the news on twitters. Can't wait for The Last Of Us 2. The fw is 7.50. :D And there are many hot games on 7.55 too. Excited!
     
  9. SonyUSA

    SonyUSA We're all mad here
    Contributor

    Joined:
    May 12, 2006
    Messages:
    1,585
    Country:
    United States
    Patched in 8.0 supposedly. So anything under 8.0 should be exploitable now!
     
  10. godreborn

    godreborn GBAtemp Legend
    Member

    Joined:
    Oct 10, 2009
    Messages:
    14,393
    Country:
    United States
    not sure if he'll continue to work on the ps4. this exploit was disclosed about three months ago to sony iirc. until yesterday, it didn't mention what the exploit was, but there hasn't been anything ever sense. afaik, theflow can choose to disclose or not to disclose, so I think he's the reason we have this information now. he may have had to wait, because according to the disclosure agreement, so much time has to have elapsed. and, it's been patched, so no real harm to sony.

    anyway, theflow said he was leaving the ps4 scene. he left and found a new exploit for the vita called henlo, which no one seems to know exists other than wololo. playstationhax is what pissed him and why he quit. it's due to the admin saying he sold his soul for disclosing this info to sony, but who the hell would turn down the potential for $50,000? if you have the skills, go for it. it's a win win since he can disclose the exploit, just as long as a reasonable amount of time has passed and he still gets the money.
     
    Benzter, CallmeBerto, adamsef and 7 others like this.
  11. CanIHazWarez

    CanIHazWarez GBAtemp Regular
    Member

    Joined:
    Jan 21, 2016
    Messages:
    219
    Country:
    United States
    Another potential end-of-life exploit ruined. I hope he enjoyed his good-boy pats on the head from Sony.
     
    Kimarnic, cvskid, 98otiss and 2 others like this.
  12. SonyUSA

    SonyUSA We're all mad here
    Contributor

    Joined:
    May 12, 2006
    Messages:
    1,585
    Country:
    United States
    You're mad at him because you can't steal software that requires the latest firmware? Homebrew hasn't changed and doesn't require higher firmware versions, and there are tons of available <8.0 consoles out there to buy cheap.
     
    Benzter, Velix, CallmeBerto and 14 others like this.
  13. susi91

    susi91 GBAtemp Regular
    Member

    Joined:
    Sep 13, 2018
    Messages:
    190
    Country:
    Germany
    Thanks to TheFloW for all the awesome work :)
     
    Daniiw0lf and godreborn like this.
  14. CanIHazWarez

    CanIHazWarez GBAtemp Regular
    Member

    Joined:
    Jan 21, 2016
    Messages:
    219
    Country:
    United States
    I already have an exploitable system (that I paid through the nose for). What I care about are people just getting into the scene who could have gotten any cheap used system or black Friday deal, who now have to scour the Internet in hopes of finding a rare, overpriced system that's under a certain firmware. It greatly increases the barrier to entry.
     
    Last edited by CanIHazWarez, Jan 13, 2021
    codezer0, cvskid and Daniiw0lf like this.
  15. kenenthk

    kenenthk Village Idiot
    Member

    Joined:
    May 26, 2013
    Messages:
    622
    Country:
    Burkina Faso
    Aye just so happen to have a old ps4 on 7.55 will sale for $1,000 or ps5
     
  16. subcon959

    subcon959 teh retro
    Member

    Joined:
    Dec 24, 2008
    Messages:
    3,287
    Country:
    Would this make Ghost of Tsushima playable?
     
    Daniiw0lf likes this.
  17. godreborn

    godreborn GBAtemp Legend
    Member

    Joined:
    Oct 10, 2009
    Messages:
    14,393
    Country:
    United States
    I believe so, yes. I think that game requires 7.5x.
     
    DavidinCT, 98otiss and Daniiw0lf like this.
  18. Tom Bombadildo

    Tom Bombadildo Dick, With Balls
    Reviewer

    Joined:
    Jul 11, 2009
    Messages:
    13,746
    Country:
    United States
    So TheFlow should give up $10,000 to give whiny children a better chance at getting free games?

    k.
     
  19. godreborn

    godreborn GBAtemp Legend
    Member

    Joined:
    Oct 10, 2009
    Messages:
    14,393
    Country:
    United States
    I bought my dragon quest metal slime ps4 for around $525 used many years ago. this was before any exploit existed above 1.76. it's currently on 5.05. the only thing missing from this used system was the theme, but a friend found the god link to it, and I made a fix. it's currently installed on my system, and it remains installed even without hen (I found a way to keep them fixed even when changing themes somehow). anyway, that system was marked down from $800, since it's a limited edition, Japanese system. the game voucher still worked which I dumped later on 4.55.
     
    Daniiw0lf likes this.
  20. kenenthk

    kenenthk Village Idiot
    Member

    Joined:
    May 26, 2013
    Messages:
    622
    Country:
    Burkina Faso
    I could've sworn mine was on an older update at some point but must've upgraded thinking well, looks like we wont see any exploits may as well use it in the living room.
     
    Daniiw0lf and godreborn like this.
  21. Madridi

    Madridi Card Collector
    Member

    Joined:
    May 9, 2008
    Messages:
    3,549
    Country:
    Qatar
    The amount of entitlement from some people is incredible.
    He found the exploit, he can do whatever he wants with it. Period.

    And yet he still shares his findings with the community.
     
Loading...

Hide similar threads Similar threads with keywords - firmware, revealed, exploit