PSFree version 1.4.0
PSFree is a WebKit exploit using CVE-2022-22620 to gain arbitrary read/write.
vulnerable:
- PS4 6.xx-9.xx (tested 6.00-9.60)
- PS5 1.xx-5.xx (tested 1.00-5.50)
CREDITS:
-
anonymous for PS4 firmware kernel dumps
-
janisslsm from ps4-dev on discord.com
- contributed ROP chain managers for 8.5x and 9.0x
- contributer of the ROP chain manager for 9.5x
- Helped in figuring out the size of JSC::ArrayBufferContents and its needed offsets on different firmwares.
-
barooney from ps4-dev on discord.com
- contributer of the ROP chain manager for 9.5x
-
CelesteBlue from ps4-dev on discord.com
- Helped in figuring out the size of WebCore::SerializedScriptValue and its needed offsets on different firmwares.
- figured out the range of vulnerable firmwares
-
Kameleon_ from ps4-dev discord
- Asked people to test 1.3.0 (beta) on other firmwares and reported if the peformance boost worked (reports from 6.72-9.60).
-
Quentin Meffre (@0xdagger) and Mehdi Talbi (@abu_y0ussef) for the 6.xx buildBubbleTree() UaF exploit that served as the framework for the exploit.
-
Maddie Stone for the CVE writeup