- STICKY POST
- I'm done, close this
Enter Our Ultimate Summer Tech Giveaway!
That’s right - we are giving away a Summer Tech Package that includes a high-tech Fuego Element grill, Monster Superstar Backfloat waterproof speaker, and a mobile charging bank from iFrogz! Head on over to our giveaway page in order to enter. Good luck!
Wednesday February 28, 2007 7:33 am
Xbox 360 Security Hole Revealed, Already Patched
The Bugtraq mailing list recently published the details of an unsigned code execution security hole on the Xbox 360. The timeline of the security hole would seem to make this vulnerability the same one demonstrated at last year’s 23C3 Hacker Congress, as seen in this excerpt:
Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release
The public demonstration date is key; that would be the same date of the anonymous Xbox 360 hacker video release. Further, the overview of the vulnerability claims:
We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
According to the release, Microsoft has patched the vulnerability as of January 9th, but then Sony thought they had patched the Grand Theft Auto: Liberty City Stories security hole as well. The existence of such a vulnerability indicates that the security of the Xbox 360 isn’t as bulletproof as Microsoft intended, and it would seem a mere matter of time before another exploitable hole is found to enable homebrew development on the system.
© Gear Live Media, LLC. 2007 – User-posted content, unless source is quoted, is licensed under a Creative Commons Public Domain License. Gear Live graphics, logos, designs, page headers, button icons, videos, articles, blogs, forums, scripts and other service names are the trademarks of Gear Live Inc.