Editing Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 27: | Line 27: | ||
== WebKit exploits == | == WebKit exploits == | ||
WebKit exploits are harder to make and do not even give arbitrary RW because of PS5 memory protections. | |||
=== Modal Browser HTTPS Bypass === | === Modal Browser HTTPS Bypass === | ||
* It is possible to bypass HTTPS in the modal browser, if you reply to the HTTPS CONNECT with a standard HTTP 1.1 response, instead of attempting to create a tunnel. The | * It is possible to bypass HTTPS in the modal browser, if you reply to the HTTPS CONNECT with a standard HTTP 1.1 response, instead of attempting to create a tunnel. The browser will just display that response. The downside to this is you have no idea what the contents of even the HTTP REQUEST would have been, but it is useful for directing the web browser to any website you want. | ||
==== Patched ==== | ==== Patched ==== | ||
Line 163: | Line 165: | ||
* Shuffle from Fail0verflow for the FreeBSD 11 and PS5 PoC in C++ (2024-09-14) | * Shuffle from Fail0verflow for the FreeBSD 11 and PS5 PoC in C++ (2024-09-14) | ||
* Flatz for writing a PS5 exploit chain with TheFloW's BD-JB2 (2024-09-14) | * Flatz for writing a PS5 exploit chain with TheFloW's BD-JB2 (2024-09-14) | ||
=== Analysis === | === Analysis === | ||
Line 172: | Line 173: | ||
* [https://securityonline.info/freebsd-issues-urgent-security-advisory-for-cve-2024-43102-cvss-10/ Vulnerability press release (2024-09-09)] | * [https://securityonline.info/freebsd-issues-urgent-security-advisory-for-cve-2024-43102-cvss-10/ Vulnerability press release (2024-09-09)] | ||
* [https://accessvector.net/2024/freebsd-umtx-privesc Writeup by [email protected] (2024-09-06)] | * [https://accessvector.net/2024/freebsd-umtx-privesc Writeup by [email protected] (2024-09-06)] | ||
=== Bug Description === | === Bug Description === | ||
Line 193: | Line 193: | ||
* [https://gist.github.com/flatz/89dfe9ed662076742f770f92e95e12a7 JAVA implementation for PS5 chained with BD-JB2 by Flatz (2024-09-14)] | * [https://gist.github.com/flatz/89dfe9ed662076742f770f92e95e12a7 JAVA implementation for PS5 chained with BD-JB2 by Flatz (2024-09-14)] | ||
* [https://gist.github.com/flatz/5e12f75cdb210516d31df03069f7ed0a LUA implementation for PS5 chained with LUA exploit by Flatz (2024-09-14)] | * [https://gist.github.com/flatz/5e12f75cdb210516d31df03069f7ed0a LUA implementation for PS5 chained with LUA exploit by Flatz (2024-09-14)] | ||
=== Patched === | === Patched === | ||
Line 331: | Line 330: | ||
* Vulnerable on PS5 FWs <= 2.50 and potentially patched since 3.00. | * Vulnerable on PS5 FWs <= 2.50 and potentially patched since 3.00. | ||
= Unclassified = | = Unclassified = |