Nintendo Switch vulnerable to iOS 9.3 WebKit exploit

Mar 13, 2017

A little over a week after the release of Nintendo’s new console, the Switch, reputed iOS hacker Luca Todesco has posted an image of an adapted version of his WebKit exploit running on the device.

As explained in a detailed proof-of-concept created by LiveOverflow, it seems that the Switch shipped with a somewhat antiquated browser, one whose version of WebKit was still vulnerable to the same exploit utilised by Todesco’s browser-based jailbreak for iOS 9.3.x.

Our jailbreaking readers will likely remember Todesco’s tool, called JailbreakMe. It used the exploit known as CVE-2016-4657 to execute arbitrary code via the Safari browser and is hosted on Todesco’s website. This allows users of the Pangu jailbreak for iOS 9.2-9.3.3 to re-jailbreak their devices indefinitely, alleviating the certification issues which would otherwise have plagued them, and which have plagued the iOS 10 jailbreak.

The bug was patched in more recent versions of the open-source WebKit engine, and was likewise fixed in iOS 9.3.5, but apparently the Nintendo Switch’s bundled browser is behind the times and still contains this critical vulnerability. Whether Nintendo had already assembled and flashed these devices before the bug’s discovery is not known for sure, but it seems unlikely. Perhaps they just didn’t consider it a priority to update the Switch’s browser too religiously before release, given that it is not generally user-facing and is only invoked when trying to connect to Wi-Fi networks which require a captive portal.

Noticing the ongoing applicability of CVE-2016-4657 whilst playing around with the Switch, Todesco was able to adapt the tool by removing the iOS-specific code, gaining code execution solely within the browser. It should be noted, however, that this does not constitute a full jailbreak by any means. It will nonetheless be of use in further investigating the inner workings of the device.

LiveOverflow’s PoC details the changes that were made to the original JailbreakMe exploit in order for it to work, and he has also released an in-depth video which explains how it is deployed to the Switch. It involves using a laptop to simulate a captive portal in order to launch the Switch’s browser from within its Wi-Fi settings. By setting up a proxy on the laptop, the captive portal can be made to redirect to a website of your choice, in this case an adapted JailbreakMe exploit page.

For further details on the process, feel free to watch the full video below:

Whilst this news does not imply that the Switch is close to being fully jailbroken, it is a first step, and is certainly notable in that the underlying bug carried over from iOS. It seems slightly lax of Nintendo to have shipped a browser incorporating such a powerful and well-known vulnerability, but at this point it has only been used to gain code execution within the browser, not over the entire system. It has also been suggested that Nintendo can issue an update to patch the vulnerability that will not require user authentication, making it difficult to remain on an exploitable software version, though this remains to be confirmed.

Have you got your hands on a Switch already? Would you be interested in a jailbroken Switch, if such a thing did eventually come to pass? Let me know.


  • EricWalker (ewalk40)

    Yet we still don’t have an iOS 10.1.1 jailbreak for i7 or i7+

    • William Melendez

      It’s available. My iPhone 7 Plus is currently jailbroken.

      I have a Switch and I love it. I would jailbreak for sure. Lol

      • EricWalker (ewalk40)

        Did you follow a guide on here?

      • Rigs101

        It’s on here somewhere. I’d link it but I’m at work. Basically you download Yalu 10.1.1b3 and install it with Cydia Impactor, then run the mach_portal app on your iPhone 7(+); it will close after about 10 seconds and you’re jailbroken. If your phone reboots, then run mach_portal again to enter the jailbroken state. After seven days you have to reinstall mach_portal to renew the certificate.

      • makedonii
      • EricWalker (ewalk40)

        Is he though?

      • Rowan09

        I bought 3 and sold 1 and still have 2 (1 I’m keeping). The Switch is ok; the lack of games is killing the system.

      • Mike M. Powell

        I mean the launch is terrible. But just like the Wii U, I’m getting it when Mario Odyssey comes out and there’s a confirmation of a Smash 6. Mario Kart Deluxe can wait, or if they give us a ton of new tracks .-.

      • Rowan09

        It’s going to be a flop just like the Wii U. Nintendo is getting dumber and dumber. They make a system with only 24GB, then you need at least a 128GB SD card ($44), then you can’t even play the system and charge it while on a table, then you need to purchase a $29.99 charging grip, then to get a true experience (according to Nintendo) you need a $70 Pro controller, then you’ll need or should buy a $7.99 screen protector. After taxes you spend about $330, so that means you’re spending about $500 just to get a system with a good experience, and you still need to buy a $59.99 game. This is the most expensive system on the market, and because of Nintendo’s accessory decisions it will be a flop real soon.

      • Mike M. Powell

        I mean like yeah, that’s why a lot of people wanted to know about backward compatibility, and if they can import their old downloaded virtual games to the new system. But I didn’t know about the extra plugs and junk. Also, to be fair, I never bought the Pro controller, never considered it because of the price. Only thing I got was the Smash bundle with the GameCube adapter. And I knew they’d do it, can’t give a new Smash and not pay homage to the vets. Hoping they do the same. Like I don’t mind buying Smash controllers from Nintendo, but everything else is unnecessary.

      • Rowan09

        Yep and that’s Nintendo’s issue

      • Mike M. Powell

        Jailbreak it and watch Nintendo be on your butt, you know they don’t play lol. They won’t even let people stream most games without it getting shut down. Let alone a jailbreak exploit. This gonna get patched quick ._.

  • William Melendez

    Yeah, the Nintendo Switch may lack games at the moment. But have you guys even tried playing Zelda? Oh my god, such a bad ass game. I haven’t played a game that I have been hooked on in a very long time. Sick game b