If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Nintendo kills 3DS browser exploit via new firmware update

No more Pokémon Shuffle or ROM injection hacks.

Nintendo has issued a new 3DS firmware update that blocks a major web browser exploit.

Pokémon Shuffle's shop was hacked so that all purchases became free.

The hack had allowed users to inject code within downloaded games, allowing for a number of illegal uses.

A method was discovered to run pirated Game Boy Color ROMs with relative ease, for example.

Another piece of code changed the 3DS' settings so it became region-free.

Last week, an exploit emerged that allowed users to bypass paying for microtransactions in free-to-play puzzler Pokémon Shuffle, just days after the game's launch.

The web browser exploit was only available on the original 3DS, 3DS XL and 2DS. The New 3DS and 3DS XL models were immune to the method as they feature an updated browser app.

Nintendo's new system update 9.5.0-23, available from today, updates the 3DS web browser and closes the exploit loophole completely. For the moment at least, none of the above exploits are no longer working.

Topics in this article

Follow topics and we'll email you when we publish something new about them.  Manage your notification settings.

About the Author
Tom Phillips avatar

Tom Phillips


Tom is Eurogamer's Editor-in-Chief. He writes lots of news, some of the puns and makes sure we put the accent on Pokémon.

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Explore our store
Eurogamer.net Merch