Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
We love all of the best Switch games, but playing first-party titles online may have been quietly risky over the past 12 months and more. That's because hackers could have exploited a vulnerably in online elements of the Switch, Nintendo 3DS and Wii U to compromise your playing experience, steal private information and even take complete control of your console.
Known as ENLBufferPwn, this is exploit was given a score of 9.8/10 (critical) by the Common Vulnerability Scoring System used to measure such weaknesses. First found in 2021 and reported to Nintendo, the gaming giant has been been quietly fixing the vulnerability in leading titles like Nintendo Switch Sports, Mario Kart 8, and the Splatoon series throughout 2022 . First-party games were particularly vulnerable to a C++ buffer overflow in the Network Library, rendering them prime targets for those up to no good.
New security worries emerged after homebrew developer PabloMK7 tweeted they had discovered ENLBufferPwn in Mario Kart 7 on 3DS in December 2022 with a video demonstrating the hacking method. But as reported by Eurogamer, Nintendo has now fixed the issue for this game when it updated the title for the first time in a decade after PabloMK7 and others reported it via Nintendo's HackerOne program.
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker.Vulnerability report: https://t.co/QbvXKQLeDf🧵(1/7) pic.twitter.com/4qewU5YQ9xDecember 24, 2022
Despite this quick fix, and the effective response to ENLBufferPwn throughout 2022, Nintendo owners should weigh up the risk of playing first-party games online right now. It should be safe to play with friends and trusted groups, but there could still be other vulnerable titles or another way for malicious hackers to take advantage of exploits.
Switch gamers unsure if their online game of choice has been patched might want to stick to single-player titles such as the excellent The Legend of Zelda: Breath of the Wild. Those playing online on previous-gen consoles such as the 3DS or Wii U should be particularly wary as updates for games on these platforms are rare compared to the well-supported Switch.
Nintendo has not given an official comment on ENLBufferPwn, but keeping your software and hardware up to date with the latest versions is one of the best ways to protect yourself. And if you do experience any issues in a first or third-party game, make sure to report it to Nintendo as soon as possible.
