I never posted about it but at the end of April I disclosed a bug in an NXP chip as part of my work at Oxide. The short summary is there was an undisclosed hardware block in the LPC55S69 which allowed for modification of the ROM and breaking of various isolation boundaries. Oops?
My colleague Rick Altherr and I submitted and gave a virtual presentation at DEFCON about this as well. The PoC should also be available now as well. A beverage of your choice if you can tell me anything else interesting that the ROM patcher does! (There were a few other bits set in the control register I never dug into.)
I have a lot more thoughts about this but I haven’t found/made the brain space to write them all down. I did at least want to get the links up here for posterity.