![]() Therefore TheFlow’s disclosures are no exceptions. That’s because a report is closed only when it’s fixed (indeed this bug is fixed with 8.50). According to the guidelines, a report MUST get closed before asking for disclosure.You can ask for disclosure ONLY AFTER that the report is closed. It’s wrong to say that when a ticket gets closed, that’s it. Update: Some interesting comments from sonic44567 below: This means there is nothing solid yet for people on 8.xx, and your best bet if you’re wanting to Jailbreak your PS4 is to get your hands on a PS4 running 7.55 or lower. There’s also the slim hope that SpecterDev found some kernel vulnerability about a month ago, but he wasn’t sure if it was exploitable at the time, and hasn’t communicated on it recently. So 8.50 PS4 owners will probably have to wait longer than anybody else for a Jailbreak, as is always the case.īut what are the chances for people on 8.00, 8.01, 8.03? At this moment it’s tough to say, unless some of these reports switch from “undisclosed” to something more interesting in the days or weeks to come, or if one of the hackers who reported a vulnerability has separate disclosure plans. ![]() PS4 8.50 Jailbreak a possibility?įor people on the latest firmware, it’s guaranteed those recent bugs are patched on their device. But nothing’s telling us whether this will be disclosed or not. That kind of level of bounty smells like kernel-exploit to me. Probably the most interesting of the recently closed vulnerabilities is a $10’000 bounty attributed to scene hacker Znullptr. ![]() This makes TheFloW’s disclosures the exception, not the rule. As a matter of fact, a rapid look at the list of bounties shows that so far, less than 5% of reported vulnerabilities to Sony have then been disclosed on the hackerOne platform. I’d love to show hope that some of them will be disclosed later on, but that doesn’t seem to be how the platform works: When a ticket gets closed, that’s it. But all of them are marked as “undisclosed”, which is annoying. Over the past week, we’ve seen a good amount of vulnerability reports being closed on Sony’s bounty page. Sony gets to strengthen their platform on the latest firmware for 99% of their userbase, while tinkerers who chose to stay on a lower firmware have a good chance at getting a jailbreak eventually.īut it all depends on disclosure actually happening, though, and that part’s not a good sign so far. I was proven wrong, to some extent: the recent 7.55 and 7.02 exploits were both based on submissions to the bounty program (both by TheFloW). When this was announced last year, I had mixed feelings about it, as I was concerned this would reduce the chances of getting jailbreaks for the PS4. Hackers can legitimately submit vulnerabilities to Sony, get paid for it, and discuss a proper disclosure process with the PS4 manufacturer. A bit less than a year ago, Sony’s PlayStation branch joined bounty platform HackerOne.
0 Comments
Leave a Reply. |