PSA: Make sure your Nintendo games are fully patched following the discovery of this exploit
"It allows remote code execution by just having an online game session with an attacker"
A team of white knight hackers have discovered a critical security issue called ENLBufferPwn that could give hackers "full console" access to your Switch, 3DS, and Wii U games and systems.
Following a lengthy investigation, Nintendo has been updating affected games by releasing patches, which may explain why some older games - such as Mario Kart 7 - were recently, and mysteriously, updated after many years of inactivity.
"Here is ENLBufferPwn, a severe vulnerability in many first-party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker," explained one of the players who discovered the exploit on Twitter, via Nintendo Everything.
"Combined with other OS exploits, this vulnerability could allow an attacker to achieve full console takeover, and steal sensitive information or take audio/video recordings. It has scored 9.8/10 (Critical) in the CVSS 3.1 calculator."
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.Vulnerability report: https://t.co/QbvXKQLeDf🧵(1/7) pic.twitter.com/4qewU5YQ9xDecember 24, 2022
Pablo goes on to explain that "Nintendo has been releasing patches for affected games during 2022" and that "a list of games that are known to have had the vulnerability at some point can be found in the vulnerability report". Along with ambo6Glaz and fishguy6564 - who had also independently discovered the issue - the vulnerability was reported to Nintendo via its HackerOne program.
"I'd like to thank Nintendo for giving me the opportunity to collaborate in the finding and research of this vulnerability and putting resources into fixing it in older titles. I hope these actions have helped create a safer online gaming environment," Pablo concluded.
Now details of the exploit have been publicized, it's probably a good idea to take what's left of the festive downtime and use it to ensure all of your Nintendo-flavored systems and games are fully updated to ensure you don't fall victim to this exploit.
Sign up to the 12DOVE Newsletter
Weekly digests, tales from the communities you love, and more
Affected games allegedly include Mario Kart 8 and its Deluxe version, Animal Crossing: New Horizons, ARMS, Splatoon 2, Splatoon 3, and Super Mario Maker 2, Splatoon 3 and Mario Kart 8. At the time of writing, it's unclear if Nintendo will issue updates for games on older systems, such as Wii U, but - as always - we'll keep you posted.
Here's our pick of the best Nintendo Switch games available to play right now.
Vikki Blake is 12DOVE's Weekend Reporter. Vikki works tirelessly to ensure that you have something to read on the days of the week beginning with 'S', and can also be found contributing to outlets including the BBC, Eurogamer, and GameIndustry.biz. Vikki also runs a weekly games column at NME, and can be frequently found talking about Destiny 2 and Silent Hill on Twitter.
One of the most enchanting games like Stardew Valley I played in 2024 just got a big new update, placing the medieval life sim RPG back on my radar
The Sims creator's first game in over 10 years is an AI life sim that uses your real memories: "The more I can make a game about you, the more you'll like it"