A team of white knight hackers have discovered a critical security issue called ENLBufferPwn that could give hackers "full console" access to your Switch, 3DS, and Wii U games and systems.
Following a lengthy investigation, Nintendo has been updating affected games by releasing patches, which may explain why some older games - such as Mario Kart 7 (opens in new tab) - were recently, and mysteriously, updated after many years of inactivity.
"Here is ENLBufferPwn, a severe vulnerability in many first-party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker," explained one of the players who discovered the exploit on Twitter, via Nintendo Everything (opens in new tab).
"Combined with other OS exploits, this vulnerability could allow an attacker to achieve full console takeover, and steal sensitive information or take audio/video recordings. It has scored 9.8/10 (Critical) in the CVSS 3.1 calculator."
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.Vulnerability report: https://t.co/QbvXKQLeDf🧵(1/7) pic.twitter.com/4qewU5YQ9xDecember 24, 2022
Pablo goes on to explain that "Nintendo has been releasing patches for affected games during 2022" and that "a list of games that are known to have had the vulnerability at some point can be found in the vulnerability report". Along with ambo6Glaz and fishguy6564 - who had also independently discovered the issue - the vulnerability was reported to Nintendo via its HackerOne program.
"I'd like to thank Nintendo for giving me the opportunity to collaborate in the finding and research of this vulnerability and putting resources into fixing it in older titles. I hope these actions have helped create a safer online gaming environment," Pablo concluded.
Now details of the exploit have been publicized, it's probably a good idea to take what's left of the festive downtime and use it to ensure all of your Nintendo-flavored systems and games are fully updated to ensure you don't fall victim to this exploit.
Affected games allegedly include Mario Kart 8 and its Deluxe version, Animal Crossing: New Horizons, ARMS, Splatoon 2, Splatoon 3, and Super Mario Maker 2, Splatoon 3 and Mario Kart 8. At the time of writing, it's unclear if Nintendo will issue updates for games on older systems, such as Wii U, but - as always - we'll keep you posted.
Here's our pick of the best Nintendo Switch games (opens in new tab) available to play right now.