Nintendo Switch 'severe vulnerability' patched — what you need to know
First-party Switch and 3DS games could have compromised your security
We love all of the best Switch games, but playing first-party titles online may have been quietly risky over the past 12 months and more. That's because hackers could have exploited a vulnerably in online elements of the Switch, Nintendo 3DS and Wii U to compromise your playing experience, steal private information and even take complete control of your console.
Known as ENLBufferPwn, this is exploit was given a score of 9.8/10 (critical) by the Common Vulnerability Scoring System used to measure such weaknesses. First found in 2021 and reported to Nintendo, the gaming giant has been been quietly fixing the vulnerability in leading titles like Nintendo Switch Sports, Mario Kart 8, and the Splatoon series throughout 2022 . First-party games were particularly vulnerable to a C++ buffer overflow in the Network Library, rendering them prime targets for those up to no good.
New security worries emerged after homebrew developer PabloMK7 tweeted they had discovered ENLBufferPwn in Mario Kart 7 on 3DS in December 2022 with a video demonstrating the hacking method. But as reported by Eurogamer, Nintendo has now fixed the issue for this game when it updated the title for the first time in a decade after PabloMK7 and others reported it via Nintendo's HackerOne program.
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.Vulnerability report: https://t.co/QbvXKQLeDf🧵(1/7) pic.twitter.com/4qewU5YQ9xDecember 24, 2022
Despite this quick fix, and the effective response to ENLBufferPwn throughout 2022, Nintendo owners should weigh up the risk of playing first-party games online right now. It should be safe to play with friends and trusted groups, but there could still be other vulnerable titles or another way for malicious hackers to take advantage of exploits.
Switch gamers unsure if their online game of choice has been patched might want to stick to single-player titles such as the excellent The Legend of Zelda: Breath of the Wild. Those playing online on previous-gen consoles such as the 3DS or Wii U should be particularly wary as updates for games on these platforms are rare compared to the well-supported Switch.
Nintendo has not given an official comment on ENLBufferPwn, but keeping your software and hardware up to date with the latest versions is one of the best ways to protect yourself. And if you do experience any issues in a first or third-party game, make sure to report it to Nintendo as soon as possible.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
Andy is a freelance writer with a passion for streaming and VPNs. Based in the U.K., he originally cut his teeth at Tom's Guide as a Trainee Writer before moving to cover all things tech and streaming at T3. Outside of work, his passions are movies, football (soccer) and Formula 1. He is also something of an amateur screenwriter having studied creative writing at university.