Skip to content

Recent updates for older Nintendo games were due to a major security vulnerability

Mario Kart 8 deluxe art

Over the past few week’s many of you, including us, have been surprised at older Nintendo Switch games and Nintendo 3DS games getting random software updates. the cause of this was never explicitly stated by Nintendo and the patch notes for the games which were updated simply said that “Several issues have been addressed to improve the gameplay experience.” However, it seems that was only half of the story.

It now turns out that the games which were updated over the past few weeks such as Mario Kart 7 on Nintendo 3DS (first update in a decade), Mario Kart 8 Deluxe and Animal Crossing: New Horizons were all affected by security holes which could be exploited by playing the game online. The exploits, which have now been patched for Switch games, could have allowed for a full takeover of the system by a hacker without detection.

For instance they could access saved payment information or use the built-in cameras and microphones to capture both audio and video (Wii U and Nintendo 3DS) Nintendo World Report says that the exploit is called the “ENLBufferPwn” exploit and is rated as a 9.8/10 (Critical) on the Common Vulnerability Scoring System.

While the issues were easy for Nintendo to fix on the Nintendo Switch system due to the way updates are deployed, certain Wii U and Nintendo 3DS games remain unpatched meaning they are still vulnerable for the exploit to be used. The Nintendo 3DS has issues due to the fact that some updates need to be downloaded for the software from the eShop. Both the Wii U eShop and Nintendo 3DS eShop close in February.

Here is a list of games that are known to have had the vulnerability at some point (all the Switch and 3DS games listed have received updates that patch the vulnerability, so they are no longer affected):

GitHub
  • Mario Kart 7 (fixed in v1.2)
  • Mario Kart 8 (still not fixed)
  • Mario Kart 8 Deluxe (fixed in v2.1.0)
  • Animal Crossing: New Horizons (fixed in v2.0.6)
  • ARMS (fixed in v5.4.1)
  • Splatoon (still not fixed)
  • Splatoon 2 (fixed in v5.5.1)
  • Splatoon 3 (fixed in late 2022, exact version unknown)
  • Super Mario Maker 2 (fixed in v3.0.2)
  • Nintendo Switch Sports (fixed in late 2022, exact version unknown)
  • Probably more…

Via

4 thoughts on “Recent updates for older Nintendo games were due to a major security vulnerability”

  1. “The Nintendo 3DS has issues due to the fact that some updates need to be downloaded for the software from the eShop. Both the Wii U eShop and Nintendo 3DS eShop close in February.”

    Bet they’re regretting that decision now, especially if they can’t roll out those patches in time or find more holes after the fact.

  2. Nintendo is basically digging another hole in to the ground to find solutions to stop these greedy hackers. Yeah this is type of solution needs to be fix from every Nintendo games in the 3DS, Wii U and Switch.

Leave a Reply

%d bloggers like this: