not exactly an issue but a suggestion: study (and possibly port) CVE 2020-9951

[zecoxao]

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1124

Seems like a good candidate. What better person to port this than a russian? Of course we need to check if ps4 webkit is vulnerable to this, but if it is we should have a proper webkit exploit for 7.02 and below (and who knows, 7.55 and below as well?)

[sleirsgoevy]

I will take a look into it; at least it does not like an obvious dead end, like any JIT-based exploit. Will have to build a debug version of the whole WebKit though; my current script only builds JavaScriptCore.

[zecoxao]

thanks. i hope there is a solution here :)

[zecoxao]

since i also don't know your twitter handle or handle for other social media i'll leave this here https://www.sendspace.com/file/sg19ns
MACROSS= Retail

[sleirsgoevy]

I do have Twitter, however I registered one specifically to reach Al Azif and don't really check it. As of now Telegram is my primary messenger.

Thanks anyway, will check this out as soon as I reach my PC.

[gorshco]

Sergey, did you had the chance to give it a look?

[sleirsgoevy]

It seems that I have a PoC, but nowhere close to a working exploit yet.

[zecoxao]

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1155
maybe something better, since it shows where the actual flaw is

[curly-deni]

Hey. the webkit 0day was introduced today, which should theoretically work on 7.xx. you are the developer who can implement it on this firmware. do you have time to try adapting this for 7.xx?
https://github.com/synacktiv/PS4-webkit-exploit-6.XX https://www.synacktiv.com/publications/this-is-for-the-pwners-exploiting-a-webkit-0-day-in-playstation-4.html

[sleirsgoevy]

I already saw this, but thanks anyway.

[komawoyo]

Here's a list of CVE that may be useful. I'm a fan of your talent 👍
CVE-2018-4441 has already been used on previous wekit exploits. This list has many more after 4441.
https://github.com/tunz/js-vuln-db#projectzero