Earlier this week, Davee released a proof of concept native exploit within Webkit for the Playstation Vita. The code would only work on firmware 2.60, but with the implicit promise that firmwares up to and including 3.18 are vulnerable. Given the fire that propagated through the scene within minutes of us mentioning this release, hackers left and right were quick to contact me about giving proper credit for the exploits; Davee also got busy upgrading the exploit with BBalling (CodeLion) to make it work for all supported firmwares. That is, all firmwares up to and including 3.18 (no, as we said several times over the past few weeks, this specific Webkit exploit does not work on 3.30, and if you upgraded, you made that decision intentionally).
It is also now confirmed that this is the same exploit that was mentioned by Acid_snake and CodeLion in this article: Native Vita Hacking: What’s the situation so far? (Part 2)
In a short blog post, Davee stated that the driving force behind this exploit is CodeLion. Josh_Axey and Archaemic have also leveraged this exploit in their own ongoing experiments.
He also updated the exploit after CodeLion posted his own 3.18-compatible version. Davee’s version ends up being more self-contained for the end user, so that’s the one I’m showing below (CodeLion’s code needs netcat running on the server, which can be extremely useful for debugging purposes; devs might want to give it a look).
Test on your vita
You can test whether your Vita is vulnerable with the link below. Vulnerable Vitas should see something like this (screenshot thanks to @WAFLNeo):
Non-vulnerable Vitas will most likely see an error code, something similar to the screenshot below:
Test links:
http://wololo.net/v/webkit/vita.htm (mirror)
So, is your Vita vulnerable? Did you avoid the temptation of updating to 3.30?
SOURCE: wololo.net