Beyond Consoles

Recent updates for older Nintendo games were due to a major security vulnerability

December 24, 2022

Over the past few week’s many of you, including us, have been surprised at older Nintendo Switch games and Nintendo 3DS games getting random software updates. the cause of this was never explicitly stated by Nintendo and the patch notes for the games which were updated simply said that “Several issues have been addressed to improve the gameplay experience.” However, it seems that was only half of the story.

It now turns out that the games which were updated over the past few weeks such as Mario Kart 7 on Nintendo 3DS (first update in a decade), Mario Kart 8 Deluxe and Animal Crossing: New Horizons were all affected by security holes which could be exploited by playing the game online. The exploits, which have now been patched for Switch games, could have allowed for a full takeover of the system by a hacker without detection.

For instance they could access saved payment information or use the built-in cameras and microphones to capture both audio and video (Wii U and Nintendo 3DS) Nintendo World Report says that the exploit is called the “ENLBufferPwn” exploit and is rated as a 9.8/10 (Critical) on the Common Vulnerability Scoring System.

While the issues were easy for Nintendo to fix on the Nintendo Switch system due to the way updates are deployed, certain Wii U and Nintendo 3DS games remain unpatched meaning they are still vulnerable for the exploit to be used. The Nintendo 3DS has issues due to the fact that some updates need to be downloaded for the software from the eShop. Both the Wii U eShop and Nintendo 3DS eShop close in February.

Here is a list of games that are known to have had the vulnerability at some point (all the Switch and 3DS games listed have received updates that patch the vulnerability, so they are no longer affected):

GitHub