If you have devices like Nintendo Switch or Google Pixel C, you probably don’t want to miss this news: a critical vulnerability – dubbed Fusee Gelee – has been discovered in the SoC that powers your device.
The vulnerability allows an attacker to execute unauthenticated arbitrary code on your device. Here’s how the researchers explain the vulnerability:
As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration…