Researcher Awarded $15,000 for Code Execution Flaw in PlayStation Now App
2020-12-08 12:16

A critical vulnerability addressed earlier this year in the PlayStation Now application for Windows could have been exploited by malicious websites to execute arbitrary code.

The PlayStation Now application allows users to access an on-demand game collection directly from their Windows PCs. To enjoy the games, users also need a PlayStation Network account and a compatible controller.

As part of Sony's bug bounty program on HackerOne, a security researcher who goes by the handle "Parsiya" reported a critical flaw in the PlayStation Now application that could have been abused by any website to execute code on vulnerable systems.

The researcher discovered that, because of a vulnerable websocket connection to the application, websites opened in any browser on the machine could send requests to the application and have it load malicious URLs that could then execute code on the system.

The security researcher also discovered that the AGL Electron application allowed JavaScript on loaded web pages to spawn new processes, essentially enabling code execution.
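For the local websocket issue described above, a defender-side sketch of the two checks such a service needs: who is asking (the handshake's Origin header) and what they ask the application to load. This is an added example, not code from the PlayStation Now application or the researcher's report; the allowed origin, the allowed host and the `loadUrl` message shape are assumptions.

```javascript
// Added example. Origins, hosts and the message shape are assumptions,
// not details of the PlayStation Now application.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const ALLOWED_TARGET_HOSTS = new Set(["app.example.com"]);

// Browsers always send Origin on a WebSocket handshake and page script cannot
// forge it. Compare the full serialized origin; never use prefix or substring tests.
function isAllowedOrigin(originHeader) {
  return typeof originHeader === "string" && ALLOWED_ORIGINS.has(originHeader);
}

// A URL the application is asked to load must be https, carry no credentials
// or custom port, and point at an allowlisted host.
function isAllowedTargetUrl(raw) {
  if (typeof raw !== "string") return false;
  let u;
  try {
    u = new URL(raw);
  } catch {
    return false;
  }
  if (u.protocol !== "https:") return false;
  if (u.username !== "" || u.password !== "" || u.port !== "") return false;
  return ALLOWED_TARGET_HOSTS.has(u.hostname);
}

// Gate for one request: check who is asking first, then what they ask for.
function handleMessage(originHeader, rawMessage) {
  if (!isAllowedOrigin(originHeader)) return { ok: false, reason: "origin" };
  let msg;
  try {
    msg = JSON.parse(rawMessage);
  } catch {
    return { ok: false, reason: "format" };
  }
  if (msg === null || typeof msg !== "object" || msg.command !== "loadUrl") {
    return { ok: false, reason: "command" };
  }
  if (!isAllowedTargetUrl(msg.url)) return { ok: false, reason: "url" };
  return { ok: true, url: new URL(msg.url).href };
}

// Constructed sample requests.
const page = "https://app.example.com";
console.log(handleMessage("https://evil.test", '{"command":"loadUrl","url":"https://app.example.com/"}'));
console.log(handleMessage(page, '{"command":"loadUrl","url":"https://app.example.com@evil.test/"}'));
console.log(handleMessage(page, '{"command":"loadUrl","url":"https://app.example.com/games"}'));
```

The Origin check only constrains browsers; other local processes can send any header, so a service like this would also need its own client authentication.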


News URL

http://feedproxy.google.com/~r/Securityweek/~3/DlwmteC6YJ8/researcher-awarded-15000-code-execution-flaw-playstation-now-app