Even back in the NES days, there were various bugs in games or console firmware that hackers exploited to run cheats or run pirated copies. Traditionally, however, the owner had to choose to actively exploit these vulnerabilities. The error shown today is more serious.
PabloMK7 hacker revealed todayENLBufferPwn, perhaps the most serious vulnerability ever found in a Nintendo system. With it, it is possible to gain complete control over another system when you are in the same online lobby with the victim. Not only can hackers use it to manipulate games, but in the case of the Nintendo 3DS and Wii U, they can also record video and audio. Nintendo was made aware of the bug by several hackers in 2021 and 2022 via the HackerOne program, which resulted in quite a few games receiving updates. The most famous example is the recently released update for Mario Kart 7. However, not all games have been updated yet. With Mario Kart 8 and Splatoon, only two of the major Wii U games are at risk. We have attached a list of some of the affected games. Addresses not previously reported may be subject to error.
- Mario Kart 7 (bug fixed in v1.2)
- Mario Kart 8 (bug not fixed yet)
- Mario Kart 8 Deluxe (bug fixed in version 2.1.0)
- Animal Crossing: New Horizons (2.0.6 bug fixed)
- ARMS (bug fixed in version 5.4.1)
- Splatoon (bug not fixed yet)
- Splatoon 2 (fixed in v5.5.1)
- Splatoon 3 (bug fixed in late 2022)
- Super Mario Maker 2 (3.0.2 bug fixed)
- Nintendo Switch Sports (bug fixed late 2022)
At least in Mario Kart 7, the bug has already been exploited, such as a previously unknown video by a Japanese player on YouTube shows.
Whether newer games such as Pokémon Crimson or Crimson contain this vulnerability is unknown. However, since this was pointed out to Nintendo several months ago, Nintendo Switch Sports may be the latest game to suffer from this problem. The question now is, will Nintendo update Splatoon and Mario Kart 8, or perhaps disable the online features for those titles altogether? We will keep you updated.
“Social media evangelist. Baconaholic. Devoted reader. Twitter scholar. Avid coffee trailblazer.”