Many users of nintendoswitch and other consoles from the Japanese firm —such as the 3DS or the Wii U— have recently come across unpleasant news: a serious vulnerability affects several of its most important games. A security flaw so notorious that, if exploited, it is capable of providing “full control” over devices.
As reported Eurogamerthe vulnerability was originally reported in 2021 under the name of ENLBufferPwn. However, it didn’t really gain relevance until lately Nintendo began quietly updating the major affected titles. According to said medium, it received a score of 9.8 out of 10 in CVSS 3.1, which speaks volumes about its severity.
The security breach in Nintendo Switch, 3DS, and Wii U games allowed remote code execution on the consoles. To do this, it was only necessary to share an online game session with an attacker. It is important to mention that, in case of being combined with other security flaws of the operating system, a hacker could gain full access and control over the infected device. What does this mean? That it could not only steal sensitive information from the device, but also take screenshots or audio from a distance.
For now, Nintendo has released patches for multiple affected Switch games. Such are the cases of Mario Kart 8 Deluxe, Animal Crossing: New Horizons, ARMS, splatoon 2, splatoon 3, Super Mario Maker 2 Y Nintendo Switch Sports. There has also been a rather striking case, since in recent weeks it updated Mario Kart 7, for 3DS, for the same reason. Not a minor fact, considering that the game was launched in December 2011 and had not received a new version since May 2012.
The Nintendo Switch and its predecessors, exposed to a serious security breach
The situation has earned several criticisms of the Japanese company. It is that, although multiple users reported the vulnerability, which was addressed by Nintendo, the lack of communication regarding its severity has caused great discontent. Asians updated affected Nintendo Switch games over the course of this year, but without mentioning the ENLBufferPwn patch.
But the most notorious has been, until now, the decision not to release security patches for affected Wii U games. Although it launched in 2012 and was discontinued in 2017, it still has a significant user base. Nintendo’s refusal to, for now, update its titles so that they are not exposed to the vulnerability has led third parties, such as the Pretendo Network, to launch their own solutions.
The question also persists as to whether other Nintendo Switch titles, beyond those already repaired, could have been exposed to this inconvenience. Or if he can reappear in future handheld titles. For now, the Japanese have chosen not to provide details about it.
If you have any of the aforementioned games on your console, and you have ignored the updates that have been released in the last few months, the best recommendation is that catch up and avoid possible headaches.