Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Orange Baba for the clue delivery! CTOnews.com, September 16 (Xinhua)-- CTurt, a hacker who has been working on game consoles for a long time, has exposed a "basically irreparable" vulnerability in the security of PS4 and PS5, which allows hackers to install arbitrary homemade applications on the host.

CTurt said he disclosed the vulnerability to Sony a year ago through a bug reward program called Mast1c0re, but Sony showed no sign of publicly fixing it. The vulnerability exploits an error in just-in-time compilation (JIT) used by simulators running certain PS2 games on PS4 (and PS5), which gives the simulator special permissions to continuously write PS4-ready code (based on the original PS2 code) before the application layer itself executes the code.

In order to control the simulator, hackers can theoretically take advantage of known vulnerabilities in PS2 games that existed decades ago, and most need to use a known available game to access specially formatted save files on the memory card, but this approach is somewhat limited because PS4 and PS5 cannot natively identify standard PS2 discs. This means that any available game must be available through PSN as a downloadable PS2-on-PS4 game, or one of the few PS2 games distributed as physical, PS4-compatible CDs by publishers such as Limited Run Games.

According to CTurt, hackers still need to take advantage of a separate (and possibly repairable) kernel vulnerability to gain "full control" of PS4. But the mast1c0re vulnerability itself should be sufficient to run complex programs, including JIT-optimized simulators, and possibly even pirated commercial PS4 games.

CTurt stressed that it is almost impossible for Sony to plug the loophole of enabling mast1c0re. This is because a version of the available PS2 emulator is packaged with each available PS2-on-PS4 game, rather than stored separately as a core part of the console operating system. "PS2 emulation fundamentally violates [Sony]'s own security model because the privileged code it leaves has no ready-made mechanism to fix potential future vulnerabilities," CTurt said.

CTOnews.com learned that Nintendo's eShop had similar vulnerabilities before, but Nintendo has removed all 3DS games, but there are still downloadable PS2 games on PSN.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.