PlayStation Now Fixes Vulnerability That Allowed Remote Code Execution on Windows PCs
A critical flaw in the PlayStation Now cloud application could have let attackers inject malicious code on Windows devices.
The vulnerability was reported on May 13 by bug hunter Parsia Hakimian, and fixed on June 25 by the online gaming giant.
The bug, residing in an insecure AGL application, affected PlayStation Now versions 11.0.2 and earlier on machines running Windows 7 SP1 and later.
“The PlayStation Now application version 11.0.2 is vulnerable to remote code execution (RCE),” Hakimian said. “Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection.”
In his description of an attack, Hakimian said a threat actor could send a malicious script to users through online forums or Discord. When a user opens the link on their computer, malicious scripts on the website connect to the local WebSocket server [ws://localhost:1235] and ask AGL (an Electron application) to load and run malicious Node code on the target's device.
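The attack described above depends on the local server accepting a WebSocket handshake from any web page. As an added illustration (not PlayStation's code and not a description of the actual fix), here is a Node.js handshake gate for a localhost WebSocket server; the allowed origin, the token-in-query convention and the function names are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the app's own UI is the only legitimate client (hypothetical origin).
const ALLOWED_ORIGINS = new Set(['app://local-client']);
// Port is the one named in the article; the Host check defeats DNS rebinding.
const ALLOWED_HOSTS = new Set(['localhost:1235', '127.0.0.1:1235']);
// Per-launch secret, handed to the legitimate client out of band (assumption).
const SESSION_TOKEN = crypto.randomBytes(32).toString('hex');

// Constant-time comparison; hashing first equalises the buffer lengths.
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Decide whether an HTTP Upgrade request may become a WebSocket session.
// `req` has the shape of Node's http.IncomingMessage: { headers, url }.
function checkUpgrade(req, token = SESSION_TOKEN) {
  const h = req.headers || {};
  if (String(h.upgrade || '').toLowerCase() !== 'websocket') {
    return { ok: false, status: 400, reason: 'not a websocket upgrade' };
  }
  if (!ALLOWED_HOSTS.has(String(h.host || '').toLowerCase())) {
    return { ok: false, status: 403, reason: 'unexpected Host header' };
  }
  // Browsers set Origin on every WebSocket handshake; page script cannot change it.
  if (!h.origin || !ALLOWED_ORIGINS.has(h.origin)) {
    return { ok: false, status: 403, reason: 'origin not allowed' };
  }
  // Local non-browser processes can forge Origin, so also require the secret.
  const supplied = new URL(req.url || '/', 'ws://localhost:1235').searchParams.get('token');
  if (!supplied || !safeEqual(supplied, token)) {
    return { ok: false, status: 401, reason: 'missing or wrong session token' };
  }
  return { ok: true, status: 101, reason: 'accepted' };
}

// Wiring for a Node http.Server: refuse the socket before any message is parsed.
function guardUpgrades(server, onAccepted) {
  server.on('upgrade', (req, socket, head) => {
    const verdict = checkUpgrade(req);
    if (verdict.ok) return onAccepted(req, socket, head);
    socket.end(`HTTP/1.1 ${verdict.status} Rejected\r\nConnection: close\r\n\r\n`);
  });
}
```

Rejecting at the handshake means a page on an arbitrary website never gets a channel on which to send commands, whatever the message handlers behind it would have done.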
The findings landed the researcher a whopping $15,000 bounty awarded by PlayStation's HackerOne bug bounty program.
The fix couldn't have come at a better time for the gaming community, since the cloud-gaming service had gained more than 2.2 million subscribers by April 2020.