iOS hacker qwertyoruiop has discovered that an old iOS 9.3 WebKit vulnerability lies hidden within Nintendo's latest home console/portable hybrid, the Nintendo Switch (via SlashGear). The vulnerability lies in the Switch's limited web browser functionality, which allows users to sync up with Twitter and Facebook as well as connect to public Wi-Fi hotspots, and which runs on Apple's open source browser engine, WebKit.
The Switch's version of WebKit is older than the one currently running on up-to-date iOS and macOS devices, however, leaving Nintendo's device vulnerable to a collection of critical exploits that plagued iOS 9.3 last summer. One, named "Pegasus," was a highly sophisticated exploit that installed itself within an iOS device through a link sent via a text message. Apple eventually addressed and fixed these issues with iOS 9.3.5.
For unknown reasons, Nintendo opted to include a version of WebKit that doesn't have these fixes, allowing qwertyoruiop to use an existing iOS WebKit jailbreak, remove any iOS-specific code, and tweak it so it runs on the Switch. The existence of a known exploit running on Switch points towards a rushed release, which was already believed to be the case since the company's fiscal year ends March 31, 2017 and the Switch launched March 3.
Developer LiveOverflow yesterday published a proof of concept video on the Switch WebKit exploit, further detailing how the bug originating on Apple's devices can be used to hack a Nintendo Switch.
The userland exploit "doesn't mean much for the end user," according to Wololo, because it hasn't revealed any detailed information on the Switch yet, nor does it hand over full kernel access to hackers. As the news slowly makes the rounds online, it's most likely that Nintendo will patch the old WebKit vulnerability in a future update to the Switch.