PlayStation Now security flaw lets attackers execute arbitrary code

Security bugs found in the PlayStation Now could lead to malicious code execution on Windows PCs

Remote code execution attacks can be the result of the new critical security bug exploit.

A flaw in the PlayStation cloud gaming Windows application possibly allowed attackers to execute arbitrary code on Windows OS devices^[1] PSNow platform has launched in 2014 and become extremely popular among gamers. Recent reports revealed that a security vulnerability found in PlayStation Now cloud gaming app let any attackers execute the malicious code on devices running vulnerable application versions.^[2]

Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection.

The flaw was discovered by bug bounty hunter Parsia Hakimian. The flaw affected particular PSNow 11.0.2 and earlier versions that run Windows 7 SP1 or later. The researcher reported the flaw back in May via the official bug bounty program on HackerOne. Then, PlayStation addressed the vulnerability and claimed that the flaw was resolved on June 25th. Hakimian was rewarded for the discovery. The report on the security vulnerability made him $15,000.^[3]

The critical security flaw can lead to Remote Code Execution attacks

When this flaw gets changed, it allows the unauthenticated attackers to launch the remove code execution attacks since this is a method for code injection. The attacker can run malicious code on the PS Now user's computer.

JavaScript loaded by AGL will be able to spawn processes on the machine. This can lead to arbitrary code execution. The AGL application performs no checks on what URLs it loads.

For successful exploitation of such RCE bug, attackers should persuade the PS Now user whose device they want to target to open the specially crafted site via the malicious link sent with the help of phishing email, forum, or Discord channel. Malicious scripts on the website will connect to the server and ask for commands to load malicious code from another site and run that on the targeted device.

RCE vulnerability recently reported in Microsoft Teams too

A zero-click, wormable flaw was discovered affecting Microsoft Teams desktop applications.^[4] Attackers might have executed the arbitrary code by only sending a specially-crafted chat message, and this way compromising the targeted system.

The issue was reported to the Windows maker by Oskars Vegeris – a security engineer from Evolution Gaming. According to statements, no interaction from users' end is required to exploit such flaws, besides seeing the chat message.

However, such an attack can lead to complete loss of confidential information and access to private chats, files, internal systems, private keys, and personal, sensitive information outside of the Microsoft Teams app. The exploit also can be passed on from one account to a group of users, so the entire channel might get compromised.

This is not the first time for MS Teams that RC flaws get observed, but there are various other platforms that get reports about bugs and vulnerabilities. Last week,^[5] wormable RCE/PE flaw was reported to be found in iPhone wi-fi code.