Nintendo is patching a vulnerability that could allow hackers a “full console takeover.”
Nintendo has quietly patched a vulnerability that could give hackers access to compromised Switch, 3DS, and Wii U games.
Remember when Nintendo released its first update to Mario Kart 7 in 10 years? Well, it turns out this was intended to fix a critical exploit that “could allow an attacker to achieve full console takeover.”
While the issue was reportedly first noticed in 2021, PabloMK7, Rambo6Glaz, Fishguy6564 have been credited with discovering “ENLBufferPwn”, an exploit so severe that it has a critical score of 9.8/10 in the CVSS 3.1 calculator received.
As discovered by Nintendo Everythingthe exploit was also reportedly patched in Mario Kart 8 Deluxe, Animal Crossing: New Horizons, ARMS, Splatoon 2 and Super Mario Maker 2, and more recently in Splatoon 3 and Mario Kart 8 because – according to to one of the people who discovered it – “in combination with other operating system exploits, the vulnerability could allow an attacker to achieve full console takeover”.
Here is ENLBufferPwn (CVE ID pending), a serious vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console simply by conducting an online game session with an attacker.
Vulnerability Report: https://t.co/QbvXKQLeDf
🧵(1/7) pic.twitter.com/4qewU5YQ9x— PabloMK7 (@Pablomf6) December 24, 2022
By reporting the problem through Nintendo’s HackerOne program, the hackers secured a $1,000 bounty. It remains unclear whether affected Wii U games will also be patched.
As far as Mario Kart 8 Deluxe goes, the most recent update saw the arrival of the third wave of DLC courses and the option to customize items – something Ed thinks is the best thing that can happen to Mario Kart 8.
https://www.eurogamer.net/nintendo-patches-a-security-vulnerability-that-could-give-hackers-full-console-takeover Nintendo is patching a vulnerability that could allow hackers a “full console takeover.”
