Fire30 reveals WebKit exploit on firmware 6.20

Fire30 has just revealed a new WebKit exploit to the PlayStation 4 scene.

This browser exploit notably provides the addrof / fakeobj primitives, which in turn give arbitrary read and write in the browser process.

According to Fire30, this exploit was patched in firmware 7.00, which leaves a new opportunity to look for a kernel exploit on firmwares 5.50 through 6.72.

WebKit exploits are not kernel exploits: they do not grant kernel privileges from userland. This is also not the first exploit of this type on firmware 6.xx; PoCs already exist for WebKit JSC_ConcatMemcpy and the WebKit Code Execution Exploit PoC for PS4 6.20.

His WebKit exploit is here: bad_hoist

The exploit uses an implementation of CVE-2018-4386.

