It has come to light that Nintendo recently patched a security vulnerability that could have given hackers access to compromised Switch, 3DS, and Wii U games. The exploit, known as "ENLBufferPwn," was discovered by PabloMK7, Rambo6Glaz, and Fishguy6564. The said exploit marked a critical score of 9.8/10 on the CVSS 3.1 calculator, Eurogamer reports.
Serious Threat
According to Nintendo Everything, the exploit was patched in several popular games, including "Mario Kart 8 Deluxe," "Animal Crossing: New Horizons," "ARMS," "Splatoon 2," and "Super Mario Maker 2." Combined with other operating system exploits, the vulnerability could have allowed an attacker to control a console completely.
It was also supposedly addressed in "Splatoon 3" and "Nintendo Switch Sports," two recent releases. However, affected Wii U titles, such as Mario Kart 8 and the original Splatoon, have not been patched, and it is unknown whether any patches are in the works. The exploit is also possible to still affect other games out there.
This vulnerability is particularly concerning because it allows an attacker to take over a victim's device simply by engaging in an online game session. If paired with other operating system exploits, the attacker could achieve total control of the system and potentially steal sensitive information or take audio/video recordings.
A Closer Look
In recognition of their discovery, the hackers received a $1000 bounty through Nintendo's HackerOne program. It is unclear if the affected Wii U games will also be patched.
While the patch may have come as a surprise to many players, it is a testament to Nintendo's commitment to security and protecting their users from potential threats. The company has a long history of working with researchers and hackers to identify and fix vulnerabilities. This latest patch is just one example of their efforts in this regard.
Despite the potential severity of the exploit, it is reassuring to know it has been addressed. Players can now continue to enjoy their favorite games without the fear of being hacked. It is essential for all companies, especially those in the gaming industry, to prioritize security and work to address any vulnerabilities as quickly as possible.
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.
— PabloMK7 (@Pablomf6) December 24, 2022
Vulnerability report: https://t.co/QbvXKQLeDf
🧵(1/7) pic.twitter.com/4qewU5YQ9x
While it is reassuring to see Nintendo taking steps to address this vulnerability, it serves as a reminder of the importance of regularly updating and securing devices and systems. It is crucial for companies, especially those in the gaming industry, to prioritize security and work to fix vulnerabilities as soon as they are discovered.
Here's More
The most recent Mario Kart 8 Deluxe update added the third wave of DLC courses and the ability to customize items. According to reports, Mario Kart 8 Deluxe's new custom item feature works with offline VS races and "certain" online modes, as described in Nintendo's release tweet.
A new Custom Items feature is now available for all #MarioKart 8 Deluxe owners via a free update. Use it to choose which items appear in offline VS Races and certain online modes! pic.twitter.com/zkFIUtqbi3
— Nintendo of Europe (@NintendoEurope) December 7, 2022
This also allows players to either randomize the stuff available in their races or turn certain items on or off, and competitions can now be completely item-free.
Related Article: Nintendo Cancels Mid-generation Switch Pro, and Sources Speculate Next-gen Console
