iOS hacker qwertyoruiop has discovered that an old iOS 9.3 WebKit vulnerability lies hidden within Nintendo’s latest home console/portable hybrid, the Nintendo Switch, and subsequently hacked the console in the process (via SlashGear). The exploit lies in the Switch’s limited web browser functionality, which allows users to sync up with Twitter and Facebook as well as connect to public Wi-Fi hotspots, and is all run by Apple’s open source browser engine WebKit.
The Switch’s version of WebKit is older than the one currently running on up-to-date iOS and macOS devices, however, allowing Nintendo’s device to become vulnerable to a collection of critical exploits that plagued iOS 9.3 last summer. One, named “Pegasus,” was a highly sophisticated exploit that installed itself within an iOS device through a link sent via a text message. Apple eventually addressed and fixed these issues with iOS 9.3.5.
that’s just how it goes pic.twitter.com/ztkFrbjz5u
— qwertyoruiop (@qwertyoruiopz) March 11, 2017
Developer LiveOverflow yesterday published a proof of concept video on the Switch WebKit exploit, further detailing how the bug originating on Apple’s devices can be used to hack a Nintendo Switch.
The userland exploit “doesn’t mean much for the end user,” according to Wololo, because it hasn’t revealed any detailed information on the Switch yet, nor does it hand over full kernel access to hackers. As the news slowly makes the rounds online, it’s most likely that Nintendo will add in a patch to the old WebKit exploit in a future update to the Switch.
Discuss this article in our forums