If you have devices like Nintendo Switch or Google Pixel C, you probably don’t want to miss this news: a critical vulnerability – dubbed Fusee Gelee – has been discovered in the SoC that powers your device.
The vulnerability allows an attacker to execute unauthenticated arbitrary code on your device. Here’s how the researchers explain the vulnerability:
As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.
Found by researchers at ReSwitched, the vulnerability is “believed to affect Tegra SoCs released prior to the T186 / X2” and works independent of software stack. What makes the bug critical and worrisome for millions of Switch users is that it can’t be patched through a downloadable update.
Nvidia and vendors like Nintendo have already been intimated about this vulnerability. The ReSwitched team also prepared a proof of concept exploit for the Nintendo Switch, as can be seen in the following image.
You can read the complete details by heading to the Source link below.
Source | Via