Oops... Nintendo Switch shipped with months old WebKit vulnerability

Posted on Tuesday, March 14 2017 @ 13:58 CET by Thomas De Maesschalck

Nintendo's Switch has been on the market for about two weeks now and hackers discovered there's a vulnerability in the console's WebKit-based browser that allows for arbitrary code execution. What's remarkable here is that these are the same bugs Apple patched on its iOS in August 2016.

The potential for exploitation on the Switch isn't as severe because people typically don't use consoles to store sensitive data, but it could be a starting point for jailbreaking and running homebrew software on the Switch. The developer who discovered the exploit says it doesn't allow kernel access, so it doesn't leave the door wide open.

These bugs attracted attention last year because they were used to hijack an iPhone used by a political dissident in the United Arab Emirates; the bugs could allow attackers to steal call histories, texts, contacts and calendar information, and messages from apps like Gmail and WhatsApp. The trio of bugs, collectively known as "Trident," were disclosed after Apple patched them in iOS 9.3.5 in August of 2016.

Full details at ARS Technica.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!