Huge Security Flaw Discovered in PS3 Firmware 4.31

Security firm approached Sony six months ago, corporation slow to respond.

Posted by
Huge Security Flaw Discovered in PS3 Firmware 4.31
Sony patched its PlayStation 3 system software to version 4.41 earlier this month, adding minor improvements to platform stability. Right? Well, what Sony didn't exactly explain is that the recent firmware was a rather untimely six-month delay in plugging a rather huge security hole.

The flaw was discovered in the PS3's v4.31 system software more than half a year ago by the Vulnerability Laboratory Research Team. According to The Register, it involved "a means for local attackers to inject malware that poses as a saved game on a USB stick."

"The flaw exploits poor input validation in the PS3 savegame preview listing menu (SUB/HD). Successful attacks open the way to session hijacking and worse." The report adds an advisory notice by Vulnerability Laboratory, which noted that it produced proof-of-concept code to present the exploit to Sony. The PlayStation maker allegedly did not respond for several months.

It's not the best attitude for Sony to take, given that its PlayStation 3 played host to one of the biggest security scandals of this past console generation.

If you have a PS3 with firmware 3.31... it's probably best you update to the latest right now to save yourself any potential trouble.
Companies:

Comments

irritant 29 May 2013 16:12
1/1
/me rushes out to update his PS3 firmware.

/me remembers that his PS3 died the other day despite getting used about once a month at best, mostly for video playback.

/me is quite frankly not that bothered since it was always a pain going through a 20 minute firmware/Netflix update process every time he wanted to watch an episode of Dexter.
Posting of new comments is now locked for this page.