PlayStation Now bug allowed execution of arbitrary code on Windows

Bug in PlayStation Now for Windows

A critical bug that has been fixed in the PlayStation Now app for Windows could be used by malicious sites to execute arbitrary code. Let me remind you that this service is already used by over 2,000,000 people.

The vulnerability was discovered this summer by cybersecurity expert Parsia Hakimian and reported through the recently launched official PlayStation bug bounty program on HackerOne. The issue affected PS Now version 11.0.2 and earlier on computers running Windows 7 SP1 or later.

The researcher found that due to problems connecting to the application via a web socket, sites opened in any browser could send requests to the application and load malicious URLs, which could then trigger arbitrary code execution on the system.

The PlayStation Now application version 11.0.2 is vulnerable to remote code execution (RCE). Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection.posted Parsia Hakimian on HackerOne.

Essentially, the app set up a local web socket server that did not check the source of incoming requests, which allowed sites to send PlayStation Now requests. To successfully exploit this error, attackers must convince the PS Now user, whose device they want to hack, to open a specially crafted malicious site. For example, by sending a link to such a resource in a phishing email, leaving it on the forum, on the Discord channel, and so on.

In addition, the Electron AGL app launched by PlayStation Now may have been instructed to load specific sites using commands sent to the server’s web socket. AGL could also be used to run local applications. Moreover, the AGL Electron application allowed JavaScript to trigger new processes on loaded web pages, essentially making the code run as well.

Currently, the critical bug has already been fixed, and Hakimian received a reward of $15,000 for his discovery, despite the fact that the vulnerability did not fall under the conditions of the bug bounty: it affected a Windows application, and involved not one of target systems, included in the program (PlayStation 4 and PlayStation 5 systems, operating systems, accessories, or PlayStation Network.).

My $15K PlayStation bug has finally been disclosed. My one and only tip is to read every single @taviso bug. This is essentially two of his public bugs chained together.posted by Parsia Hakimian on Twitter.

Let me remind you that the researcher accidentally found a 0-day bug in Windows 7 and Windows Server 2008.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

View all of Vladimir Krasnogolovy's posts.

Leave a comment

Your email address will not be published. Required fields are marked *