Difference between revisions of "Switch Userland Flaws"

From Nintendo Switch Brew
Jump to: navigation, search
(Browser userspace)
 
(4 intermediate revisions by 2 users not shown)
Line 12: Line 12:
 
| CVE-2016-4657
 
| CVE-2016-4657
 
| WebKit vuln discovered around August 2016. Most notably used in the iOS 9.3.X exploit. A simple PoC can be found [https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html here]. This was later exploited by [https://twitter.com/qwertyoruiopz Qwertyoruiop] using an adjusted version of his iOS 9.3 webkit exploit (others exploited this prior to then).
 
| WebKit vuln discovered around August 2016. Most notably used in the iOS 9.3.X exploit. A simple PoC can be found [https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html here]. This was later exploited by [https://twitter.com/qwertyoruiopz Qwertyoruiop] using an adjusted version of his iOS 9.3 webkit exploit (others exploited this prior to then).
| [[2.1|2.1.0]]
+
| [[2.1.0]]
| [[2.0|2.0.0]]
+
| [[2.0.0]]
 
| Original: August 2016
 
| Original: August 2016
 
Switch: March 3rd-4th 2017
 
Switch: March 3rd-4th 2017
| ???
+
| Everyone
 
|-
 
|-
| [https://github.com/yellows8/browserhax_fright browserhax_fright_tx3g]
+
| CVE-2017-7005
|  
+
| WebKit type confusion.
| 2.1.0
+
| [[3.0.1]]
 +
| [[3.0.1]]
 
|  
 
|  
 +
| Everyone
 +
|-
 +
| CVE-2016-4622
 +
| WebKit memory corruption bug. This bug was incorrectly re-introduced in [[4.0.0]]. See [http://www.phrack.org/papers/attacking_javascript_engines.html here] for a detailed write-up from the author.
 +
| [[6.1.0]]
 +
| [[6.1.0]]
 
|  
 
|  
 +
| Everyone
 +
|-
 +
| CVE-2018-4441
 +
| WebKit memory corruption bug. See [https://bugs.chromium.org/p/project-zero/issues/detail?id=1685&desc=2 here].
 +
| [[7.0.0]]
 +
| [[7.0.0]]
 
|  
 
|  
 +
| Everyone
 
|}
 
|}

Latest revision as of 20:25, 10 March 2019

This page lists vulnerabilities / exploits for Nintendo Switch applications and applets.

Browser userspace

Summary Description Fixed with software update Newest software update this flaw was checked for Timeframe this was discovered Discovered by
CVE-2016-4657 WebKit vuln discovered around August 2016. Most notably used in the iOS 9.3.X exploit. A simple PoC can be found here. This was later exploited by Qwertyoruiop using an adjusted version of his iOS 9.3 webkit exploit (others exploited this prior to then). 2.1.0 2.0.0 Original: August 2016

Switch: March 3rd-4th 2017

Everyone
CVE-2017-7005 WebKit type confusion. 3.0.1 3.0.1 Everyone
CVE-2016-4622 WebKit memory corruption bug. This bug was incorrectly re-introduced in 4.0.0. See here for a detailed write-up from the author. 6.1.0 6.1.0 Everyone
CVE-2018-4441 WebKit memory corruption bug. See here. 7.0.0 7.0.0 Everyone