QUOTE(Team Fail @ Sep 15 2011, 05:55 PM)
QUOTE(DeadlyFoez @ Sep 14 2011, 08:24 PM)
Ok, let me just add in this bit of info to put it into perspective about the whole 'sandbox' dilemma.
A few years ago a researcher had found a way to run some code inside of a virtual machine that caused malicious code to be run inside the host OS. Although this is comparing apples to oranges, a virtual machine is certainly one form of sandboxing. All that there needs to be is just one possible exploit in the sandbox and for someone to find it and then unsigned code can be run. It is not an easy task, especially on the 3DS, but I would not be surprised if that is how the first exploit becomes publicly available.
That'd be interesting. I never thought of a sandbox mode like that. Perhaps it is possible, but I think it's more unlikely.
It is certainly extremely unlikely without some other previous hack being found first. At least on the PC there are shitloads of tools that let you debug and examine everything, so it is easier to find things like this. But Team Twiizers, their first exploits on the Wii and the DSi were hardware exploits that would not be easy for the average user to do. So they find these hardware exploits and from it they examine and learn the system and then find software exploits that they can easily release to the masses.
TT knew about a hardware exploit on the DSi long before they released sudokuhax, and like with the Wii, they found the twiizer exploit long before they created the Twilight Hack. All these hardware hacks they kept to themselves until they had a consumer-friendly solution. That's the way it always will be.
A browser exploit may be long down the road, but it certainly is possible and more likely than anything else since HTML does not need to be signed at all to be displayed.