UPDATE: Dan has gone on record and stated that neither LG nor Samsung devices can be bootloader unlocked with this method. Period, dot, the end.
UPDATE 2: Qualcomm has now issued a statement that they are aware of this vulnerability, and that they have released a patch to device manufacturers.
Beware, major geek speak lies ahead. Security research extraordinaire Dan Rosenberg, aka djrbliss, made a presentation at the Black Hat security convention yesterday that, to put it mildly, is kind of a huge deal. He showed that it is possible to exploit a vulnerability within the TrustZone of a device running a Qualcomm SOC to either unlock or circumvent a secure bootloader. Then he proved the concept by unlocking the bootloader of a consumer version Moto X. I'll let that sink in for a second...
Still with me? Okay, I'm not going to get into a serious discussion of how this works, because frankly I don't completely understand it. But I'll attempt to break it down as simply as I can. Any device that is powered by a Qualcomm SOC, including most every flagship Android device produced within the past year, utilizes what is referred to as the TrustZone, which acts as an intermediary between the kernel and hardware and regulates what are trusted apps and commands, and what are not. Things are broken down even further into what is considered the secure and non-secure sides of the device. The non-secure side includes the Linux kernel, the Android operating system, and most every app on your device. On the secure side, you have what is called the Trusted Execution Environment, which in Qualcomm land is called the Qualcomm Secure Execution Environment. This secure side of the house has access to absolutely everything on your device, both in terms of hardware and software, such as the Qfuses that dictate whether some of your devices' bootloaders are locked or unlocked. What Dan was able to do was find a vulnerability that allows code to be executed from within that secure side, allowing him to bypass or unlock a secure bootloader. What devices does this affect? The Moto X, HTC One, Samsung Galaxy S4, and LG G2 to name a few.
Now comes the part where I dash everyone's hopes for a Utopian land where locked bootloaders are a thing of the past. First of all, Dan was able to exploit this onstage at Black Hat, but he has not released the details of exactly how he did it. So there is currently no exploit in the wild to allow anyone to do this. Secondly, if an exploit is ever released, there's a good chance it will be patched very, very soon. So if you have a current Android phone running a Snapdragon SOC and are hoping to profit from this, avoid any OTA updates like the plague. Finally, the Galaxy S5 and HTC One M8 have already had this vulnerability patched, so no love for owners of those devices. Dan's paper explaining the details of the vulnerability can be found below.
Source: XDA, (thanks SamuriHL, shane1, and cmh714!)