Hacker qwertyoruiop just released a Webkit exploit for PS4s running on Firmware 4.0x.

According to the hacker, the exploit works up to firmware 4.06 at least (update: users have independently confirmed this also works on firmware 4.07), but it has been patched in firmware 4.50. People have confirmed the exploit seems to behave as expected on their 4.0x PS4, others have confirmed it works on firmware 3.55 as well.

Users who want to test the vulnerability can point their PS4 browser to http://rce.party/ps4/.

This is what this should look like if your PS4 is vulnerable to the exploit:

On firmware 4.50, this is the (self explanatory) error you’ll get:

Details on the PS4 4.0x Webkit exploit

I assume people can start digging into the details of the exploit, however qwertyoruiop gave the precision that the exploit is triggered by a Use After Free vulnerability. We might see a writeup on the vulnerability at some point.

 bug used is a stack uninit read yielding UaF — qwertyoruiop (@qwertyoruiopz) March 29, 2017

What does the PS4 4.0x Webkit Exploit mean to the end user?

This is not a full console jailbreak, simply a usermode exploit within webkit at this point. The hacker gave the precision that this gives you arbitrary read/write, meaning hackers can start poking into memory. I would expect an upcoming release of known tools such as PS4 playground for tinkerers to easily start playing.

In other words, this is not something that is directly useful to the end user, and does not imply any jailbreak is coming soon (Firmware 3.55 has had a webkit exploit for quite some time now, but is still not fully hacked). Nevertheless, this is the first public released exploit for PS4 in a very long time (the last release was a 3.55 Webkit PoC in August 2016), and could trigger some further releases if it sparkles interest in the scene.

Note that any PS4 bought new today will ship with a firmware 4.0x or lower.

Stay tuned on our PS4 Jailbreak page for more details as they come.

Source: qwertyoruiop, thanks to everyone that sent this