
FrSIRT Reports libtiff exploit as a "RAISED" Risk

Posted Sep 1, 2006 at 6:20AM EST by QJ Staff

Listed in: Hacks & Exploits Tags: downgrader, Exploit, FrSIRT, KXploit, libtiff, psp exploits, psp hacks, Sony

The French Security Incident Response Team (FrSIRT) has flagged the new libtiff exploit. Apparently the exploit, which hasn't been fully implemented yet, is already a target for Sony. With news like this, expect to see a firmware 2.81 within the next two weeks. This is the text, as written on the English page:

"Technical Description

A vulnerability has been identified in Sony PSP, which could be exploited by attackers to execute arbitrary commands. This flaw is due to an error in the Photo Viewer when handling malformed TIFF images using libTIFF, which could be exploited by attackers to compromise a vulnerable device by tricking a user into opening a malicious image."

Trends such as this have been seen before, with the 1.5 KXploit release. 3 weeks later, we were handed 1.51. And then, after the original photo exploit in 2.0, it was only two and a half weeks before 2.1 came out. And with the 2.5/2.6 downgrader came 2.7. And now a 2.8. This is sad news, but we can urge all of you: If you want to use homebrew and you think it's too late since you have 2.8 already, DO NOT UPGRADE. When a 2.81 comes out, you can bet work will continue on hacking the original 2.8.

EXTRA: The FrSIRT page has a references list, and guess who's on it? That's right, QJ. A thread in the Developers Dungeon was added to the research and reference list that contributed to the decision to raise the risk level.

Via FrSIRT




Comments 


 
# FIRST!! Guest 2006-09-01 07:24
YEP!

# emm Guest 2006-09-01 07:25
ok.

# HELLO!!! Guest 2006-09-01 07:26
2.7 came before the 2.5/2.6 downgrader.

# 2.71 Mosquito 2006-09-01 07:27
2.70 and 2.71 were out even before we first heard about updater mode or the downgrader...

# Well ***** happens Guest 2006-09-01 07:42
This was inevitable. I mean This is the most eagerly awaited and biggest exploit found after kexploit. What more It can F**k All PSP Firmware after 2.0. Expecting that It would not be fixed soon is just foolishness. But I wonder Where is SONY Going With this. Patching patching and more Patching the more roadblocks they will create the more ppl will lose faith in such a wonderful device. They must go the Microsoft way and must release a SDK friendly for Homebrew Now. Before DS Or Microsoft take on It with their Portables.

# lol Guest 2006-09-01 07:51
so fanjita, ditlew, others who helped... how do you guys like being defined as "attackers" trying to trick a device?

"malicious" isn't that when u are trying to do something bad? how is trying to make your own games malicious?

# Remote Exploitable, Not Guest 2006-09-01 08:16
How can they say that libTiff is something that can be exploited via remote? It's not like the libTiff exploit can be run via the web browser. The PSP's browser doesn't even recognise TIF files as an image type, just another file to be downloaded to the MSD.

# Wtf? Talbain 2006-09-01 08:18
How can we get both badasses like Zidane, and dumbasses like these guys in France?

# kersplatty 2006-09-01 08:19
aww man we gt kicked in the balls wid that one, qjs fault aswell lol, frm now on we shud talk in code .. ....... ...... ...... ;; ..?'[..

# blah Guest 2006-09-01 08:35
those who found the exploit should have sat on it a while until 3.0 came out so sony wouldn't have fixed the hole so soon...

# @10 Guest 2006-09-01 08:39
that wouldn't have worked because the exploit is in something that isn't PSP specific.

Meaning that other people would have patched this and $ony would have simply used that patch in 3.00

# enjoy Guest 2006-09-01 09:27
all this homebrew ***** is stupid. do something productive on a pc. enjoy the psp for what it is and quit wasting time.

# haha MasterQ 2006-09-01 10:03
FrSIRT linked to a post in the Developers Dungeon section of the QJ forums, which is restricted to approved developers only...

# think ahead Guest 2006-09-01 10:15
I sure wish they would have kept this exploit secret till the emulator was out, now sony will just fix it.....pretty damn dumb if you ask me.....

# LMAO! Guest 2006-09-01 10:43
I love how it states the exploits as being open to "attackers" LOLOLOLOLOL!!!!

anything to make it sound like sony are doing the right thing by patching it up! ;)

Good ole' sony!

1.5 FTW!!!!!!!!!!!!!!

# @12 and 14 Guest 2006-09-01 10:47
12: I enjoy the PSP for what it is; MINE!!! I'll do what the ***** i want on it thankyou :]

14: That wouldn't have mattered seeing as there isn't a kernel exploit yet on 2.8. unless the exploit magically reopens on 3.0 or whatever.

# DAMN THE INTERNET. Guest 2006-09-01 11:23
Tis both the cause of our pleasures and our pains!

# GIVE IT UP SONY Guest 2006-09-01 13:33
2.71 downgrader now available, just give it up cause your limpware aint al dente

# fsIRT are weirdos Guest 2006-09-01 15:39
Who cares homebrew r0x

# ok? anonymous stranger 2006-09-01 17:24
Vulnerability reported by NOPx86



wow... nice...

# Guest 2006-09-01 18:12
Well GEE, maybe if sony would release SOME DECENT SOFTWARE so i could use my PSP FOR WHAT IT IS i wouldn't have to go to the homebrew developers!!!

Besides i bought this machine i paid my damn money and if sony doesn't like that then they can take my psp and give me my money back, and if everybody else does this i'll laugh and watch sony go broke, hey, sony let's not forget the reason you're sitting on that cash is because someone bought your product. NEVER forget that.

# oh god, not again Guest 2006-09-02 02:43
"which could be exploited by attackers to compromise a vulnerable device by tricking a user into opening a malicious image"



oh joy, here comes a remake of the 2.0 bricker trojan. ¬¬

# i bet sony bribed u Guest 2006-09-02 02:45
i bet sony bribed them

i mean, if u were really clever and wicked enough to be a terrorist to do something u would have found another exploit ANYWAY and downgraded and used "terroristic homebrew!" this is juz sony's weak attempt to stop d/graders and h/brew

cmon, u might find homebrew developed for terrorism or summat but this is juz ga* saying it's a way to brick ur psp or something. it's not, it's so we can enjoy what sony has been too laid back to develop

# wtf Guest 2006-09-04 04:41
"And with the 2.5/2.6 downgrader came 2.7"

wtf

the 2.5/2.6 downgrader came out in July

firmware 2.7 came out in April

also

there was never 2.1

it was 2.01

# Guest 2006-09-17 05:10
where I can download it

# Guest 2006-09-22 01:00
Lol, 'vulnerability', the only vulnerability is in the monopoly's annual NET profits...



STICK IT TO THE MAN!



Nice job on the reference QJ... :D

# semia Guest 2006-10-19 05:49
aaa
