PS5 Jailbreak Scene Escalates: 12.70 Exploit, Linux Progress, and New WebKit Vulnerability

The PlayStation 5 jailbreak community is experiencing unprecedented momentum, driven by a cascade of technical breakthroughs. Recent developments include a functional exploit targeting firmware version 12.70, significant progress in Linux integration, and the identification of a fresh WebKit vulnerability. These advancements signal a potential shift in the landscape of console modification, drawing increased attention from developers, security researchers, and enthusiasts alike.

Breakthrough Exploit for Firmware 12.70

At the forefront of this surge is the release of a kernel-level exploit specifically tailored for PS5 firmware 12.70. This exploit, dubbed the “12.70 kernel exploit,” marks a critical milestone as it provides reliable code execution capabilities within the console’s kernel environment. Developed by prominent figures in the hacking scene, including contributors associated with the SpecterDev team, the exploit leverages a carefully crafted chain of vulnerabilities to bypass Sony’s security measures.

The exploit’s public disclosure came via detailed write-ups and proof-of-concept code shared on specialized forums and GitHub repositories. It builds upon prior work, such as the foundational ROP (Return-Oriented Programming) chains established in earlier firmware exploits. Key to its success is a zero-day kernel vulnerability that allows arbitrary read and write operations, enabling attackers to disable critical security features like the Hypervisor and Secure Boot processes.

Testing has confirmed its stability across a range of PS5 models, including both digital and disc variants. Users running firmware 12.70—currently a widely adopted version—are now prime candidates for full jailbreak procedures. The exploit’s browser-based delivery method, utilizing the PS5’s WebKit engine, simplifies deployment, requiring only a USB drive with the necessary payload files. However, developers emphasize the importance of backups and caution against bricking devices through improper usage.

This release escalates the pressure on Sony, as it affects a firmware version that remains prevalent among the installed base. Estimates suggest millions of consoles are vulnerable, prompting speculation about an imminent firmware update to patch the flaw.

Advancements in PS5 Linux Implementation

Parallel to the exploit news, the PS5 Linux project has seen remarkable strides, enhancing the console’s utility beyond gaming. Spearheaded by the Psylerium team, recent updates to the Linux loader have achieved persistent booting capabilities, allowing users to dual-boot between Sony’s proprietary OS and a customized Debian-based Linux distribution.

The latest Linux payload, version 0.7.1, introduces support for hardware acceleration, including GPU passthrough via the Bedrock kernel driver. This enables smooth performance for desktop applications, video playback, and even light emulation workloads. Notably, the implementation now handles NVMe storage access, resolving previous limitations on SSD utilization outside the PS5 OS.

Integration with the 12.70 exploit facilitates seamless installation. Once kernel access is gained, the Linux payload can be deployed to overwrite boot partitions temporarily, creating a multiboot menu accessible via button combinations at startup. Developers have also patched audio drivers and improved USB peripheral support, making the PS5 a viable Linux workstation.

Community feedback highlights real-world applications, such as running productivity software, cryptocurrency mining tools, and custom servers. While Sony’s terms of service prohibit such modifications, the open-source nature of these tools fosters collaborative refinement. Future roadmaps include Vulkan driver enhancements and full Wayland compositor support, promising even greater compatibility with modern Linux applications.

New WebKit Vulnerability Discovered

Compounding these developments is the unearthing of a novel WebKit vulnerability, designated CVE-2024-XXXX (specific identifier pending assignment). Identified by independent researcher @TheFloW, this flaw resides in the JavaScriptCore engine and permits remote code execution when processing malicious web content.

WebKit, the browser engine powering the PS5’s built-in browser, has long been a vector for jailbreak exploits due to its complexity and historical vulnerabilities. This new issue exploits a type confusion bug in the JIT (Just-In-Time) compiler, allowing attackers to corrupt memory and pivot to higher-privilege contexts. Proof-of-concept demonstrations show it chaining effectively with existing userland exploits to reach kernel level.

The vulnerability affects multiple firmware versions, including those post-12.70, positioning it as a cornerstone for future jailbreaks. Its disclosure adheres to responsible practices, with initial private reports to Sony yielding no response, leading to public release. Hacking collectives are already adapting it into toolchains, potentially extending jailbreak support to newer firmwares.

Security implications extend beyond consoles; similar WebKit instances in macOS and iOS could face analogous risks, underscoring the engine’s pervasive footprint.

Implications for the Jailbreak Ecosystem

Collectively, these milestones—the 12.70 exploit, Linux maturation, and WebKit flaw—herald an explosive phase for PS5 customization. The scene’s escalation reflects a maturing ecosystem, with tools like GoldHEN (a homebrew enabler) receiving updates for compatibility. Forums buzz with tutorials, while GitHub sees a spike in forks and contributions.

For users, opportunities abound: custom firmware, emulation of legacy games, and repurposing hardware for non-gaming tasks. Yet, risks persist—voided warranties, ban risks from PSN, and potential data loss. Sony’s response will be pivotal; historical patterns suggest rapid patches, narrowing the exploit window.

Developers urge ethical use, focusing on research and preservation rather than piracy. As the community evolves, these tools democratize access to the PS5’s formidable hardware, blurring lines between gaming console and general-purpose computer.

Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.