This is for the Pwners : Exploiting a WebKit 0-day in PlayStation 4 presented at BlackHatEurope 2020

by Quentin Talbi,

Summary : Despite an active console hacking community, only few public PlayStation 4 exploits have been released. The exposed WebKit-based browser is usually the entrypoint of a fullchain attack: from browser exploitation to kernel exploitation. However, browser-engine hardening techniques together with the total absence of debugging capabilities make it very hard to successfully exploit bugs in the latest PS4 firmwares. In this talk, we will present how we managed to debug then exploit a 0-day WebKit vulnerability on 6.xx firmwares. The bug has been reported by our fuzzers and is currently under the process of responsible disclosure.The bug is a Use-after-Free (UAF) vulnerability in WebKit engine. The exploitation of this bug requires a deep understanding of WebKit's primary heap allocator. The key concepts of the allocator as well as the primitives required to massage the heap will be introduced to the audience.