A team of white knight hackers have discovered a critical security issue called ENLBufferPwn that could give hackers "full console" access to your Switch, 3DS, and Wii U games and systems.
Following a lengthy investigation, Nintendo has been updating affected games by releasing patches, which may explain why some older games - such as Mario Kart 7 - were recently, and mysteriously, updated after many years of inactivity.
"Here is ENLBufferPwn, a severe vulnerability in many first-party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker," explained one of the players who discovered the exploit on Twitter, via Nintendo Everything.
- Wii U online replacement Pretendo says "we are committed to user safety" as Nintendo warns against using third-party alternatives to its dead servers
- After shutting down the Wii U online services last year, Nintendo asks players not to use "unauthorized services" to replace them as they might pose "security risks"
"Combined with other OS exploits, this vulnerability could allow an attacker to achieve full console takeover, and steal sensitive information or take audio/video recordings. It has scored 9.8/10 (Critical) in the CVSS 3.1 calculator."
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.Vulnerability report: https://t.co/QbvXKQLeDf🧵(1/7) pic.twitter.com/4qewU5YQ9xDecember 24, 2022
Pablo goes on to explain that "Nintendo has been releasing patches for affected games during 2022" and that "a list of games that are known to have had the vulnerability at some point can be found in the vulnerability report". Along with ambo6Glaz and fishguy6564 - who had also independently discovered the issue - the vulnerability was reported to Nintendo via its HackerOne program.
"I'd like to thank Nintendo for giving me the opportunity to collaborate in the finding and research of this vulnerability and putting resources into fixing it in older titles. I hope these actions have helped create a safer online gaming environment," Pablo concluded.
Now details of the exploit have been publicized, it's probably a good idea to take what's left of the festive downtime and use it to ensure all of your Nintendo-flavored systems and games are fully updated to ensure you don't fall victim to this exploit.
Affected games allegedly include Mario Kart 8 and its Deluxe version, Animal Crossing: New Horizons, ARMS, Splatoon 2, Splatoon 3, and Super Mario Maker 2, Splatoon 3 and Mario Kart 8. At the time of writing, it's unclear if Nintendo will issue updates for games on older systems, such as Wii U, but - as always - we'll keep you posted.
Here's our pick of the best Nintendo Switch games available to play right now.
The Sims 4's colorful competitor Paralives is bringing one of my favorite features from The Sims 3 back – the ability to customize literally everything
"They will cancel their subscription and your investors will have your head": This management sim about making the perfect MMO is so detailed it lets you play your own game
