- #PLAYSTATION STREAMING PC CODE#
- #PLAYSTATION STREAMING PC WINDOWS 7#
- #PLAYSTATION STREAMING PC WINDOWS#
Sony announced the launch of its public HackerOne PlayStation bug bounty program in June 2020, a program that pays security researchers and gamers for reporting security issues found in the PlayStation 4 and 5 systems, operating systems, accessories, and the PlayStation Network.
#PLAYSTATION STREAMING PC CODE#
To successfully exploit the RCE bug, attackers have to persuade the PS NOW user whose device they want to compromise to open a specially crafted site using a malicious link provided via phishing emails, forums, Discord channels, etc.Īfter opening it in any web browser on their computer, malicious scripts on the website will connect to the local WebSocket server and ask AGL to load malicious Node code from another site and run it on the target's device. This is possible because the websocket server started on the target's device does not perform any Origin header or request origin checks. This is essentially two of his public bugs chained together. My one and only tip is to read every single bug. My $15K PlayStation bug has finally been disclosed. The AGL application performs no checks on what URLs it loads." "This can lead to arbitrary code execution.
"JavaScript loaded by AGL will be able to spawn processes on the machine," the researcher further explained. The attackers can run malicious code on a PS NOW user's computer via a local WebSocket server started by the psnowlauncher.exe on port 1235 using the AGL Electron application it spawns after launch. "Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection," Hakimian said. Hakimian found that, when chained, the critical security issues allowed unauthenticated attackers to launch remote code execution (RCE) attacks by abusing a code injection weakness.
#PLAYSTATION STREAMING PC WINDOWS#
He was awarded a $15,000 bounty for his report even though his submission was not in-scope - i.e., it affected a Windows app and not one of the target assets included in the bug bounty program (the PlayStation 4 and PlayStation 5 systems, operating systems, accessories, or the PlayStation Network.) Insecure Electron app exposes users to RCE attacks PlayStation addressed the bug and tagged the bug report as 'Resolved' one month later, on June 25th, 2020.
Hakimian reported the PS Now bug on May 13, 2020, through PlayStation's official bug bounty program on HackerOne.
#PLAYSTATION STREAMING PC WINDOWS 7#
The vulnerabilities discovered by bug bounty hunter Parsia Hakimian affected PS Now version 11.0.2 and earlier on computers running Windows 7 SP1 or later. PlayStation Now reached more than 2.2 million subscribers at the end of April 2020 since the service's launch in 2014. Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions.
0 kommentar(er)
