Via Vnunet.com -
An anonymous hacker claims to have uncovered a critical security flaw in the software that runs Microsoft's Xbox 360 that could allow an attacker to take control of the system.
Microsoft has acknowledged the vulnerability and issued a patch on 9 January. The hacker demonstrated the vulnerability in December, but has only now provided details on how to exploit the flaw on the Full Disclosure security email list.
"Microsoft has completed the investigation into the public claims of a vulnerability in Xbox 360. The issue in question can only allow a user with physical access to the console to modify the Xbox configuration," a Microsoft spokesperson told vnunet.com.
The vulnerability affected the hypervisor component that effectively acts as a gatekeeper to the system by encrypting all code and making it read-only.
This approach limits access to system resources for games and any code that users or attackers could inject.
Because the flaw lets users override the Xbox security system, it could allow them to install a custom operating system.
This includes systems that are stripped of the copyright protection technologies that prevent users from running illegally copied games.
-----------------------------
Xbox 360 Hypervisor Privilege Escalation Vulnerability
http://www.securiteam.com/securitynews/5MP040AKUA.html