The report describing a method for escaping the Java sandbox used by Blu-ray Disc Java (BD-J) applications, called BD-JB (Blu-ray Disc Java Sandbox Escape), is now publicly available.
Six months after its submission, the write-up documents two vulnerabilities related to the implementation of IXC (Inter-Xlet Communication) in BD-J, which has two separate implementations (org.dvb.io.ixc and com.sun.xlet.ixc), and shows how combining these weaknesses makes it possible to neutralize the Java Security Manager and escape the user sandbox.
As you know, these exploits were reported to Sony in April 2025, and the report earned $5,000 through the bug bounty program. The discovery of these vulnerabilities is attributed to security researcher Andy Nguyen, better known by the pseudonym TheFloW. He submitted the technical details to Sony Interactive Entertainment through the HackerOne bug bounty program, in accordance with the principles of responsible disclosure. The full report, along with a detailed analysis of BD-J's inner workings, is now publicly available for research and documentation purposes.
The identified vulnerabilities open the door to attacks that allow the execution of unsigned code from Blu-ray discs. However, fully exploiting them requires combining them with other flaws affecting the system kernel. Sony has since released corrective updates for its PlayStation consoles, rendering the exploit inoperable on recent firmware.

