HTAB entries that will give it full access to the main segment, which maps all of memory. Once the hypervisor switches to this virtual segment, the attacker controls all of memory and thus the hypervisor itself. The exploit installs two syscalls that give direct read/write access to any memory address, then returns to the kernel.
The attack requires the attacker to apply a precisely timed voltage pulse, on the order of nanoseconds, to a particular line (shown by the red circle on the graphic above) on the PS3 memory bus, confusing the system and interrupting the memory deallocation. George has not compromised the secret keys, and much work remains. But attackers can now access all of the hypervisor code and should be able to operate in memory outside of the hypervisor on the main Cell processor (PPE). There are seven other Cell (SPE) coprocessors, including one dedicated to security functions.
It's a testament to the level of security engineering put in by Sony that it's lasted this long. Their willingness to allow dual-booting Linux may have deflected intense analysis, since it removed some of the motivations for hacking the system.
On a personal note, George Hotz is developing an impressive track record. He is one of the key developers behind the iPhone/iPod Touch hacks and released the primary tool for "jailbreaking" those systems. For a 21-year-old he has a bright future in the field...
UPDATE (March 29th, 2010):
Sony has responded to George's research by announcing that on April 1st they will be disabling the "Other OS" feature on all deployed Sony PS3s. Since this was a feature advertised when they sold the devices, some users are speculating that Sony will be sued for retroactively removing a feature that many people paid for. George is being blamed by some users and is planning to create a workaround. An interesting unintended consequence and a heavy-handed response by Sony.