Difference between revisions of "Switch Userland Flaws"

From Nintendo Switch Brew
Jump to navigation Jump to search
(fckn RIP)
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
(fill this)
+
This page lists vulnerabilities / exploits for Nintendo Switch applications and applets.
= List of Switch Userland Flaws =
+
 
(fill this too)
 
 
== Browser userspace ==  
 
== Browser userspace ==  
===WebKit===
 
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
!  Summary
 
!  Summary
Line 12: Line 10:
 
!  Discovered by
 
!  Discovered by
 
|-
 
|-
| CVE-2016-4657  
+
| CVE-2016-4657
| WebKit exploit discovered around August 2016. Most notably used in the iOS 9.3.X exploit. A simple PoC can be seen [https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html here]. First known use on the Switch includes [https://twitter.com/qwertyoruiopz Qwertyoruiop] using a version of his iOS 9.3 hack without iOS specific instructions
+
| WebKit vuln discovered around August 2016. Most notably used in the iOS 9.3.X exploit. A simple PoC can be found [https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html here]. This was later exploited by [https://twitter.com/qwertyoruiopz Qwertyoruiop] using an adjusted version of his iOS 9.3 webkit exploit (others exploited this prior to then).
| 2.1.0
+
| [[2.1.0]]
| 2.0.0
+
| [[2.0.0]]
 
| Original: August 2016
 
| Original: August 2016
Switch: March 4th 2017
+
Switch: March 3rd-4th 2017
| ???
+
| Everyone
 
|-
 
|-
 +
| CVE-2017-7005
 +
| WebKit type confusion.
 +
| [[3.0.1]]
 +
| [[3.0.1]]
 +
|
 +
| Everyone
 +
|-
 +
| CVE-2016-4622
 +
| WebKit memory corruption bug. This bug was incorrectly re-introduced in [[4.0.0]]. See [http://www.phrack.org/papers/attacking_javascript_engines.html here] for a detailed write-up from the author.
 +
| [[6.1.0]]
 +
| [[6.1.0]]
 +
|
 +
| Everyone
 
|}
 
|}

Revision as of 18:19, 30 October 2018

This page lists vulnerabilities / exploits for Nintendo Switch applications and applets.

Browser userspace

Summary Description Fixed with software update Newest software update this flaw was checked for Timeframe this was discovered Discovered by
CVE-2016-4657 WebKit vuln discovered around August 2016. Most notably used in the iOS 9.3.X exploit. A simple PoC can be found here. This was later exploited by Qwertyoruiop using an adjusted version of his iOS 9.3 webkit exploit (others exploited this prior to then). 2.1.0 2.0.0 Original: August 2016

Switch: March 3rd-4th 2017

Everyone
CVE-2017-7005 WebKit type confusion. 3.0.1 3.0.1 Everyone
CVE-2016-4622 WebKit memory corruption bug. This bug was incorrectly re-introduced in 4.0.0. See here for a detailed write-up from the author. 6.1.0 6.1.0 Everyone