Changes

159 bytes added, 17:41, 2 January 2017
Line 204: Line 204:  
| [[User:Jakcron|jakcron]]
 
| [[User:Jakcron|jakcron]]
 
|-
 
|-
| safefirmlaunchhax
+
| safefirmhax
| The fix for firmlaunchhax was only applied to NATIVE_FIRM in [[9.5.0-22|9.5.0-X]], leaving SAFE_FIRM exploitable. With ARM11-kernel execution, one can trigger FIRM-launch in to SAFE_FIRM, do Kernel9 <=> Kernel11 sync and then repeat the original attack on SAFE_FIRM instead.
+
| SAFE_MODE_FIRM is almost never updated(even when NATIVE_FIRM is updated for vuln fixes), this can be noticed by ''just'' checking 3dbrew/ninupdates title-listings.
 +
 
 +
The fix for firmlaunchhax was only applied to NATIVE_FIRM in [[9.5.0-22|9.5.0-X]], leaving SAFE_FIRM exploitable. With ARM11-kernel execution, one can trigger FIRM-launch in to SAFE_FIRM, do Kernel9 <=> Kernel11 sync and then repeat the original attack on SAFE_FIRM instead.
 
| ARM9 code execution
 
| ARM9 code execution
 
| None
 
| None
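
Review bot: The added description line says SAFE_MODE_FIRM while the retained sentence directly below it says SAFE_FIRM; use one name throughout the cell so readers do not take them for two different titles. The same added line is missing a space before "(even", and the statement that it is "almost never updated" would be easier to verify with a link to the 3dbrew or ninupdates title listing it refers to. Since the row name changes from safefirmlaunchhax to safefirmhax, check that other pages mentioning the old name are updated, and consider changing "in to SAFE_FIRM" to "into SAFE_FIRM" in the retained sentence while editing this cell.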