An exploit for the PS4's firmware 7.55 was revealed today by hacking scene member TheFlow. However, it was actually reported back in June 2020 and disclosed only today as TheFlow worked with Sony's HackerOne bounty program to patch this vulnerability. The reported exploit was marked as resolved in October. TheFlow also did similar disclosures with previous exploits he found and helped fix.

The HackerOne page notes that this vulnerability can cause a "fully chained remote attack" when used with a WebKit exploit, steal/manipulate user data and even dump and run pirated games. As such, it could be used together with the Webkit exploit from last December to jailbreak PS4 systems on firmware 7.55. However, no relevant files have been made publicly available regarding the FW 7.55 exploit with today's disclosure.

SOURCE

 

[Jiehfeng]

Wait, so he snitched on us?

 

[Prans]

Wait, so he snitched on us?

well, he found an exploit, gained some cash by reporting it to Sony and even managed to disclose it (later, but if you didn't update your system beyond that FW, you're still good) and the scene can work with that info

 

[Jiehfeng]

well, he found an exploit, gained some cash by reporting it to Sony and even managed to disclose it (later, but if you didn't update your system beyond that FW, you're still good) and the scene can work with that info

Yeah good point, it still exists so it doesn't matter, hadn't thought of it that way.

 

[Xen0]

Wait, so he snitched on us?

Well... Choose between toxic and ungrateful community (I know this doesn't apply to many but these are the loudest) vs. money.

+FW up to this point can still benefit from this.

 

[Tom Bombadildo]

Good work as always from The Flow, deserves every penny he got from turning it in first. Here's hoping he will find something for 8.0+ eventually as well.

 

[spotanjo3]

I saw the news on twitters. Can't wait for The Last Of Us 2. The fw is 7.50. And there are many hot games on 7.55 too. Excited!

 

[SonyUSA]

Patched in 8.0 supposedly. So anything under 8.0 should be exploitable now!

 

[godreborn]

not sure if he'll continue to work on the ps4. this exploit was disclosed about three months ago to sony iirc. until yesterday, it didn't mention what the exploit was, but there hasn't been anything ever sense. afaik, theflow can choose to disclose or not to disclose, so I think he's the reason we have this information now. he may have had to wait, because according to the disclosure agreement, so much time has to have elapsed. and, it's been patched, so no real harm to sony.

anyway, theflow said he was leaving the ps4 scene. he left and found a new exploit for the vita called henlo, which no one seems to know exists other than wololo. playstationhax is what pissed him and why he quit. it's due to the admin saying he sold his soul for disclosing this info to sony, but who the hell would turn down the potential for $50,000? if you have the skills, go for it. it's a win win since he can disclose the exploit, just as long as a reasonable amount of time has passed and he still gets the money.

 

[CanIHazWarez]

Another potential end-of-life exploit ruined. I hope he enjoyed his good-boy pats on the head from Sony.

 

[SonyUSA]

Another potential end-of-life exploit ruined. I hope he enjoyed his good-boy pats on the head from Sony.

You're mad at him because you can't steal software that requires the latest firmware? Homebrew hasn't changed and doesn't require higher firmware versions, and there are tons of available <8.0 consoles out there to buy cheap.

 

[susi91]

Thanks to TheFloW for all the awesome work

 

[CanIHazWarez]

You're mad at him because you can't steal software that requires the latest firmware?

I already have an exploitable system (that I paid through the nose for). What I care about are people just getting into the scene who could have gotten any cheap used system or black Friday deal, who now have to scour the Internet in hopes of finding a rare, overpriced system that's under a certain firmware. It greatly increases the barrier to entry.

 

[K3Nv3]

Aye just so happen to have a old ps4 on 7.55 will sale for $1,000 or ps5

 

[subcon959]

Would this make Ghost of Tsushima playable?

 

[godreborn]

Would this make Ghost of Tsushima playable?

I believe so, yes. I think that game requires 7.5x.

 

[Tom Bombadildo]

I already have an exploitable system (that I paid through the nose for). What I care about are people just getting into the scene who could have gotten any cheap used system or black Friday deal, who now have to scour the Internet in hopes of finding a rare, overpriced system that's under a certain firmware. It greatly increases the barrier to entry.

So TheFlow should give up $10,000 to give whiny children a better chance at getting free games?

k.

 

[godreborn]

Aye just so happen to have a old ps4 on 7.55 will sale for $1,000 or ps5

I bought my dragon quest metal slime ps4 for around $525 used many years ago. this was before any exploit existed above 1.76. it's currently on 5.05. the only thing missing from this used system was the theme, but a friend found the god link to it, and I made a fix. it's currently installed on my system, and it remains installed even without hen (I found a way to keep them fixed even when changing themes somehow). anyway, that system was marked down from $800, since it's a limited edition, Japanese system. the game voucher still worked which I dumped later on 4.55.

 

[K3Nv3]

I bought my dragon quest metal slime ps4 for around $525 used many years ago. this was before any exploit existed above 1.76. it's currently on 5.05. the only thing missing from this used system was the theme, but a friend found the god link to it, and I made a fix. it's currently installed on my system, and it remains installed even without hen (I found a way to keep them fixed even when changing themes somehow). anyway, that system was marked down from $800, since it's a limited edition, Japanese system. the game voucher still worked which I dumped later on 4.55.

I could've sworn mine was on an older update at some point but must've upgraded thinking well, looks like we wont see any exploits may as well use it in the living room.

 

[Madridi]

The amount of entitlement from some people is incredible.
He found the exploit, he can do whatever he wants with it. Period.

And yet he still shares his findings with the community.