A couple of weeks ago, this little thing called the Nintendo Switch was released, and if you didn’t hear about it from us, you probably heard about it from just about everyone else. The wildly popular gaming console has seen incredible success, and has already boasted a slew of acclaimed titles including Zelda: Breath of the Wind and Skylanders. However, after just two weeks a major security loophole was discovered in the system. Developer LiveOverflow has published a Proof of Concept file to confirm that the iOS 9.3 webkit exploit is working on the Nintendo Switch. The exploit was previously announced by qwertyoruiop, the hacker behind the iOS 9.3 jailbreak that used the same vulnerability as its starting point.
In addition to the Proof of Concept, LiveOverflow has published an in depth explanation on how the exploit works, as well as a summary on how to launch the Nintendo Switch browser. With this new Proof of Concept published, Nintendo Switch owners are able to confirm that their systems are vulnerable to this exploit.
Just to be clear: I did not jailbreak the Switch. I simply demonstrated a proof of concept exploit that gives me code exec in the browser.
— qwertyoruiop (@qwertyoruiopz) March 13, 2017
While the Proof of Concept doesn’t really mean much to owners, it means a lot to any less reputable individuals (see hackers). With this publication, hackers can study the ins and outs of the console to determine vulnerabilities that would allow for complete access to the Switch.
For Nintendo Switch users who are curious about the Proof of Concept, it’s possible to test the exploit on their own console by receiving the files from LiveOverflow’s github, and host it locally on their servers. Using DNSwitch or a proxy server, it will be possible to point the Switch browser to the file for testing.