2 comments

[ 2.9 ms ] story [ 16.6 ms ] thread
This is a detailed analysis of source code for the geohot glitching attack on the PS3 hypervisor. It's a combined software/hardware attack and is likely to lead to a software-only hack later on.
Cliff's notes: a tiny piece of electronics can glitch the PS3 memory bus, causing memory writes to fail (far below the level of the instruction set architecture). If you can force writes to fail, you break fundamental assumptions that conventional code depends on; in this case, you turn a deallocation into a no-op, leaving you with a reference to stale memory --- roughly a use-after-free bug (like what just killed IE with Aurora).