Skip to main content

PlayStation Now security bugs placed millions of Windows PCs at risk

PlayStation
(Image credit: Sony)

Sony has remedied a series of security bugs discovered in the PlayStation Now cloud gaming platform that could have allowed hackers to launch attacks on Windows devices.

According to security researcher Parsia Hakimian, these bugs opened the door to remote code execution (RCE) when chained together, meaning the attacker could run any code they pleased on the target machine.

The vulnerabilities were first reported via the PlayStation bug bounty program on HackerOne in May and the entry was marked as resolved one month later. Hakimian was awarded $15,000 dollars for the disclosure, commensurate with the high severity of the vulnerabilities.

PlayStation Now security bugs

PlayStation Now (or PS Now for short) is a subscription service that gives PC gamers access to upwards of 700 games, including popular titles released exclusively on PlayStation. The service has amassed more than two million subscribers since it launched in 2014.

As stated in the HackerOne entry, the security bugs in question affected PlayStation Now version 11.0.2 and earlier, installed on computers running Windows 7 SP1 or newer.

The security hole is the product of three separate issues which, when combined, allowed websites loaded in any browser on the vulnerable machine to run code through a “vulnerable websocket connection.”

To execute the attack, hackers would have had to deceive PS Now users into opening a malicious link, perhaps distributed via a phishing email. Scripts on the rigged website would then connect to the local WebSocket server and load malicious code from another site, before running it on the machine.

The extent to which the issues were exploited while active (if at all) is unknown, but the vulnerabilities in question have long since been patched, meaning no further action is required of PS Now subscribers.

Via Bleeping Computer