-- This post is being updated throughout the day. If you are reading via RSS, it is recommended that you go to the actual URL of this post to get the most recent information. --
PS2-Scene is reporting a vulnerability in the Opera Browser. They have posted code which uses SVG to crash the Wii's Web Browser. This could lead to arbitrary code execution. The hackers are busy at work trying to make something useful out of this, while Opera is probably scrambling to issue a patch to fix the problem.
This exploit could possibly be used to run code on the Wii!
Get more info and example code from here
I've also added this link to the Wii Portal Page, so if you already have that bookmarked, you can test out the 'Crash My Wii' link from there as well.
So to reiterate, they can get the Wii to crash. This has not yet opened up any way to run homebrew, but it's the hole most hackers have been waiting for. Will update later when more is known.
More information about this bug has been posted on iDefense. It seems Opera has known about this one since November.
trapflag on IRC is looking at the registers to find ways to execute code:
http://paste.uni.cc/12615 (x86 opera)
pab_ has it crashing on the Opera 9 PPC binary with a debugger attached.
Opera's Response to this bug:
"Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights. The vendor has categorized both of the holes as merely "moderate". The firm argues that it is not easy to exploit the heap overflow consistently."
http://www.heise-
Also, Opera claims they fixed this bug in Opera 9.10... but the Wii's version appears to be earlier than that.
An important thing to note is that if this works, it is also possible for dangerous things to happen to your Wii. Please use caution before you click on any unknown links, as someone may try to implement malicious code that breaks your Wii.
FreePlayPSP on digg writes:
I'm not sure how much is known about the Wii's architecture, so I'm not sure how viable it will be to run our own unsigned code through this. Not to mention that Opera seems to run in a sort of sandbox - I've Lastmeasured my Wii to the point that the browser was 100% unresponsive but the Home button still worked just fine. Haven't tested this out yet, though, so it's possible that this 'breaks' the sandbox.--
Discuss this topic on the following forum posts:
- GBA Temp
Or post your comments on this blog.