Skip to main content

Nintendo patches a security vulnerability that could give hackers "full console takeover"

Games affected by the "ENLBufferPwn" exploit have been patched throughout 2022.

Yellow and Blue Splatoon kids battling with splatters of paint everywhere
Image credit: Nintendo

Nintendo has quietly patched a security vulnerability that could give hackers access to compromised Switch, 3DS, and Wii U games.

Remember when Nintendo released its first update for Mario Kart 7 in 10 years? Well, it turns out that was to address a critical exploit that "could allow an attacker to achieve full console takeover".

The Eurogamer Newscast News Quiz of the Year 2022!Watch on YouTube

Whilst the issue was reportedly first noted back in 2021, PabloMK7, Rambo6Glaz, Fishguy6564 have been credited with the discovery of "ENLBufferPwn", an exploit so serious, it was given a critical score of 9.8/10 in the CVSS 3.1 calculator.

As spotted by Nintendo Everything, the exploit was also reportedly patched in Mario Kart 8 Deluxe, Animal Crossing: New Horizons, ARMS, Splatoon 2, and Super Mario Maker 2, as well as Splatoon 3 and Mario Kart 8 a short while back, as - according to one of the people who discovered it - "combined with other OS exploits, the vulnerability could allow an attacker to achieve full console takeover".

By reporting the issue via Nintendo's HackerOne program, the hackers secured $1000 bounty. It remains unclear if affected Wii U games will similarly be patched.

As for Mario Kart 8 Deluxe, its most recent update saw the arrival of its third wave of DLC courses and the option to customise items - something Ed feels is the best thing to happen to Mario Kart 8.

Read this next