FrSIRT Reports libtiff exploit as a “RAISED” Risk

FrSIRTThe French Security Incident Response Team has flagged the new libtiff exploit. Apparently the exploit, which hasn’t been fully implemented yet, is already a target for Sony. With news like this, expect to see a firmware 2.81 within the next two weeks. This is the text, as written on the English page.

Technical Description

A vulnerability has been identified in Sony PSP, which could be exploited by attackers to execute arbitrary commands. This flaw is due to an error in the Photo Viewer when handling malformed TIFF images using libTIFF, which could be exploited by attackers to compromise a vulnerable device by tricking a user into opening a malicious image.”

Trends such as this have been seen before, with the 1.5 KXploit release. 3 weeks later, we were handed 1.51. And then, after the original photo exploit in 2.0, it was only two and a half weeks before 2.1 came out. And with the 2.5/2.6 downgrader came 2.7. And now a 2.8. This is sad news, but we can urge all of you: If you want to use homebrew and you think it’s too late since you have 2.8 already, DO NOT UPGRADE. When a 2.81 comes out, you can bet work will continue on hacking the original 2.8.

EXTRA: The FrSIRT page has a references list, and guess who’s on it? That’s right, QJ. A thread in the Developers Dungeon was added to the research and reference list that contributed to the decision to raise the risk level.

Via FrSIRT

FrSIRTThe French Security Incident Response Team has flagged the new libtiff exploit. Apparently the exploit, which hasn’t been fully implemented yet, is already a target for Sony. With news like this, expect to see a firmware 2.81 within the next two weeks. This is the text, as written on the English page.

Technical Description

A vulnerability has been identified in Sony PSP, which could be exploited by attackers to execute arbitrary commands. This flaw is due to an error in the Photo Viewer when handling malformed TIFF images using libTIFF, which could be exploited by attackers to compromise a vulnerable device by tricking a user into opening a malicious image.”

Trends such as this have been seen before, with the 1.5 KXploit release. 3 weeks later, we were handed 1.51. And then, after the original photo exploit in 2.0, it was only two and a half weeks before 2.1 came out. And with the 2.5/2.6 downgrader came 2.7. And now a 2.8. This is sad news, but we can urge all of you: If you want to use homebrew and you think it’s too late since you have 2.8 already, DO NOT UPGRADE. When a 2.81 comes out, you can bet work will continue on hacking the original 2.8.

EXTRA: The FrSIRT page has a references list, and guess who’s on it? That’s right, QJ. A thread in the Developers Dungeon was added to the research and reference list that contributed to the decision to raise the risk level.

Via FrSIRT

Add a Comment

Your email address will not be published. Required fields are marked *