Recent consoles, with the exception of the Switch, have proved much more resistant to techniques that allow the execution of unsigned code such as homebrew and emulators. Still, no computing platform is without flaws, not even the brand new PlayStation 5.
Before talking about modding Sony’s latest-generation platform, it is worth taking a step back, since the news comes directly from the PS4 scene and from a recently discovered exploit that affects all PS4s updated up to firmware 9.00, released in mid-September.
The method used to breach the PS4's protections exploits a bug in the WebKit implementation used by the console, which in turn opens the way to a PS4 kernel exploit. This allows the installation of a homebrew enabler, and therefore the ability to run programs installed on a USB stick, simply by visiting a particular website designed to exploit the WebKit flaw. Here is the exploit in action.
9.👀 (awesome work by chendochap & @Znullptr) pic.twitter.com/ME12bLyu3C
— Specter (@SpecterDev) December 13, 2021
The flaw has been corrected in the latest version of the PS4 operating system, 9.03, and it was the analysis of the differences between the two WebKit implementations that allowed the community to build the exploit in question. At the beginning of the article we also mentioned the PS5, as it seems that the new console suffers from the same vulnerability (at this point, for a little while longer).
Unlike on PS4, on PS5 there is no way to take advantage of the flaw, as the team that worked on the exploit does not have a console to work on. In addition, Sony has removed direct access to the web browser, making it more difficult to use, even if not entirely impossible. It is in fact possible to use messages sent via the PlayStation app to open a particular site but, as we have already said, at the moment this is of little use, given that the exploit itself is missing.