Console hacker reveals PS4/PS5 exploit that is “essentially unpatchable”

From arstechnica.com

Longtime console hackerCTurt has blasted what he calls an “essentially unpatchable” hole in the security of the PS4 and PS5, detailing a proof-of-concept method that should allow for the installation of arbitrary homebrew applications on the consoles.

CTurt says he disclosed his exploit, dubbed Mast1c0re, to Sony via a bug bounty program a year ago without any sign of a public fix. The method exploits errors in the just-in-time (JIT) compilation used by the emulator that runs certain PS2 games on the PS4 (and PS5). That compilation gives the emulator special permissions to continually write PS4-ready code (based on the original PS2 code) just before the application layer itself executes that code.

By gaining control of both sides of that process, a hacker can write privileged code that the system treats as legitimate and secure. “Since we’re using the JIT system calls for their intended purpose, it’s not really an exploit, just a neat trick,” CTurt said of a since-patched JIT exploit on the PS4’s web browser.

Read more…