"A few days ago the new Phrack Issue had its street date including an article about Hacking the Cell Broadband Engine Architecture.
The author BSDaemon who works for RISE Security used a PlayStation 3 system for his tests and got very interesting information for you; definitely worth reading!"
The article covers topics including: Debugging Cell, Debugging the SPE, Finding/Exploiting Software Vulnerabilities on Cell SPE, Memory Overflows, SPE memory layout, Avoiding Null Bytes and more on the PS3.
Those interested can read the article in full at the link above.
It is an interesting read - it's a beginner's guide to writing code on the Cell. However, it contains no real surprises and definitely no exploits as such.
It's also concentrating on SPE vulnerabilities. Exploiting this is difficult, since the hypervisor (running on an SPE) protects main memory used by both the SPE and PPE. The hypervisor is essentially self-contained after boot - if it has been properly designed (and the lack of a hack after this amount of time suggests nothing else) it has only well-defined external interfaces that can't be exploited by any obvious method.
So, to get an exploit in OtherOS or GameOS, you need to cause the hypervisor SPE to run your own code. There are also symptoms which would tend to indicate that there is a "watchdog" to ensure that the hypervisor is still active - if I were implementing this, it would be an external device to the processor that accepts some sort of signed message at 5 second or so intervals which resets the CPU in case of a missed heartbeat.
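
An added example, not part of the original post or comment and not a description of the PS3's actual hardware: a small model of the authenticated-heartbeat watchdog design the comment above hypothesizes. It assumes HMAC-SHA256 with a shared key in place of a true signature, a monotonic counter for replay protection, an injected clock, and hypothetical names (`Watchdog`, `make_heartbeat`).

```python
import hashlib
import hmac
import struct

HEARTBEAT_INTERVAL = 5.0  # seconds; the interval suggested in the comment


def make_heartbeat(key: bytes, counter: int) -> bytes:
    """Supervised side: 8-byte counter followed by an HMAC-SHA256 tag."""
    body = struct.pack(">Q", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Watchdog:
    """External supervisor: latches a reset if no valid heartbeat arrives in time."""

    def __init__(self, key: bytes, now: float, interval: float = HEARTBEAT_INTERVAL):
        self.key, self.interval = key, interval
        self.last_counter = 0
        self.deadline = now + interval
        self.tripped = False

    def should_reset(self, now: float) -> bool:
        if now > self.deadline:
            self.tripped = True   # latched: a late heartbeat cannot undo it
        return self.tripped

    def feed(self, msg: bytes, now: float) -> bool:
        """Return True only if msg is authentic, fresh and on time."""
        if self.should_reset(now) or len(msg) != 8 + 32:
            return False
        body, tag = msg[:8], msg[8:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False          # forged or corrupted heartbeat
        (counter,) = struct.unpack(">Q", body)
        if counter <= self.last_counter:
            return False          # replay of an earlier heartbeat
        self.last_counter = counter
        self.deadline = now + self.interval
        return True


def demo() -> list:
    key = b"constructed-demo-key"           # constructed sample key
    wd = Watchdog(key, now=0.0)
    return [
        wd.feed(make_heartbeat(key, 1), 4.0),       # valid, deadline moves to 9.0
        wd.feed(make_heartbeat(key, 1), 6.0),       # replayed counter
        wd.feed(make_heartbeat(b"wrong", 2), 7.0),  # bad tag
        wd.should_reset(9.0),                       # still inside the window
        wd.should_reset(9.5),                       # heartbeat missed
        wd.feed(make_heartbeat(key, 2), 10.0),      # too late, reset latched
    ]
```

Rejected messages never extend the deadline, so replaying a captured heartbeat or sending unauthenticated traffic cannot keep the supervised processor alive.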