This will explain all the updates we got this year.
Some older Nintendo games have known security holes that can be exploited simply by playing them online.
Rated 9.8 / 10 (Critical) on the Common Vulnerability Scoring System (CVSS) scale, the “ENLBufferPwn” exploit has been found in older Nintendo games dating back to Mario Kart 7 and was able to completely take over the system. increase. third party. Potential uses include accessing stored payment information and capturing audio and video using the 3DS and Wii U GamePad’s built-in cameras and microphones.
This vulnerability isbuffer overflowAffected games were attacked because they did not specify a limit on the amount of data sent in a game session. While this is nominally some player’s data (such as the player’s Mii in Mario Kart 7), there are no limits, so even without visible detection from the victim, a complete takeover of the system is possible. .
of Vulnerability report It states the following games are affected, but warns that other first party titles may be involved.
- 3DS: Mario Kart 7
- Wii U: Splatoon, Mario Kart 8
- Switch: Mario Kart 8 Deluxe, ARMS, Splatoon 2/3, Super Mario Maker 2, Animal Crossing: New Horizons, Nintendo Switch Sports
Mario Kart 7 recently received its first patch in over a decade to patch this issue. Switch titles were not regularly patched or fixes were included in other feature updates. However, the Wii U game is unpatched at the time of this article, and it’s unclear if it will ever be patched. The 3DS patch system that requires download from the eShop also means that other vulnerable titles may not be patched before the 3DS and Wii U eShops are closed. February march.
Nintendo was notified of the vulnerability by the finder prior to its publication through a bug bounty program that allowed existing patches to be programmed.
