Nintendo Switch Hacked Through Browser Webkit Exploit

The exploit may pave the road to hacking Nintendo Switch root access.


The Nintendo Switch has already been hacked. The device's web browser, generally inaccessible, is vulnerable to a WebKit bug, one that was previously used to help Jailbreak iOS 9.3. Though the hackers haven't been able to gain root access as of yet, this exploit opens the possibilities for custom firmware and system level code execution sometime in the future.

The CVE-201604567 WebKit bug was used by LiveOverflow to hack the Nintendo Switch's web browser; an exploit security updates have blocked for some time. Why Nintendo didn't provide the latest WebKit code for the Switch's internal web browser, even if it's not accessible by users, is anyone's guess. The Wii and Wii U both have fallen victim to exploits that allow for custom software installation which has been used to aid in software piracy before.

The Nintendo Switch running an older version of WebKit vulnerable to the CVE-201604567 bug seems to lead credence to speculation that the software side of the device was rushed. Although Nintendo has stated that it left access to a web browser out of the Switch because it wanted to concentrate on the gaming side of the device, it seems like the real reason might be due to unpatched and dated software.

Now that the Switch hacking exploit is in the wild, more than likely Nintendo will soon patch the internal web browser. If you're interested in keeping the 2.0.0 Switch firmware that contains this exploit, you might want to start making plans to disconnect your device from the internet.

Contributing Editor
From The Chatty
Hello, Meet Lola