12/29/2022 at 2:00 p.m. by Rhonda Bachmann – Some Nintendo games had a vulnerability that allowed attackers to take over their victims’ consoles. The “ENLBufferPwn” vulnerability was discovered by users and fixed by Nintendo on almost all platforms over the course of 2022. Only Wii U users should still beware of the problem.
This year, a number of games on various Nintendo consoles have received updates that have users wondering what this means. In mid-December, for example, a patch for Mario Kart 7 for the 3DS handheld, which was released in 2011, caused quite a stir. Now it has become known that the Japanese company has quietly and secretly closed a huge vulnerability affecting the Nintendo Switch, 3DS and Wii U consoles with the updates.
Mysterious updates close huge vulnerability “ENLBufferPwn”
The ENLBufferPwn vulnerability was reported to have been reported independently by three different users as part of Nintendo’s Hacker One program in 2021 and 2022. In the program, hackers help the company make software and hardware more secure by reporting bugs and exploits. The hackers are paid for this with a “bounty”.
The vulnerability could have allowed attackers to take over their victims’ consoles, stand information or record audio and video. All of this would have been possible simply by the victim being in an online match with the attacker. The exploit was rated critical with a score of 9.8 out of 10 in the CVSS 3.1 Calculator, a vulnerability scoring system.
Nintendo released updates for a number of affected games throughout 2022. These include Mario Kart 7 for the 3DS, Mario Kart 8 Deluxe Version 2.1.0, Animal Crossing: New Horizons Version 2.0.6, ARMS Version 5.4.1, Splatoon 2 Version 5.5.1 and Super Mario Maker 2 Version 3.0. 2 located. In addition, the problem is said to have already been fixed for the Switch titles Splatoon 3 and Nintendo Switch Sports. However, the affected titles on the Wii U have apparently not yet been fixed and it is unclear whether there will be any updates for them in the future.
Quelle: Nintendo Everything, Eurogamer, Github
