
What does Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-through - LiveOverflow
https://www.youtube.com/watch?v=xkdPjbaLngE
======
hulahoof
I was at work so unable to watch video, the GitHub[1] page was quite
informative though =)

[1]
[https://github.com/LiveOverflow/lo_nintendoswitch/blob/maste...](https://github.com/LiveOverflow/lo_nintendoswitch/blob/master/poc1.html)

------
jsheard
The 3DS was hacked multiple times via pre-existing WebKit exploits, you'd
think Nintendo would have learned to keep it up to date by now. Apparently
not...

~~~
IntelMiner
Nintendo doesn't directly control the browser. The browser is based on
"NetFront" from Japanese company "Access Co. Ltd"

According to Wikipedia, the last "stable release" was in 2012. Which may also
contribute to things.

[https://en.wikipedia.org/wiki/NetFront](https://en.wikipedia.org/wiki/NetFront)

~~~
creshal
And before that they used pre-Blink Opera.

Nintendo really has bad luck with picking their browser vendors…

~~~
ralfn
Why are they even using a vendor? The work is just integrating WebKit in their
build pipeline! How can using a vendor not be more hassle, money, time and
troubles?

~~~
creshal
I assume they're asking themselves that question now. Probably it seemed
cheaper up front.

------
russellbeattie
I noticed when I signed into Twitter via the Switch, it used the internal
browser, which Twitter identified as Safari. Not sure what the actual
User-Agent was, but the big N seems to have just pulled the browser code off the
shelf (not surprising).

~~~
creshal
WebKit-based browsers tend to include Safari in their user agent.

------
veli_joza
Thanks for the very informative video. Sketches and diagrams on top of code are
really well done. I wish more tutorials would use them.

------
imjustsaying
>What does Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657
walk-through

For the ESLers out there, the verb here should be do instead of does.

~~~
jimmies
"What does Nintendo Switch have in common with iOS 9.3?" will work too, right?

~~~
imjustsaying
yes

------
breakingcups
Very well explained video. This was incredibly interesting to watch.

------
anomie31
I gotta say, I'm really annoyed at whoever let the cat out of the bag so soon.
I'm afraid shit like this will frustrate the efforts of many. Have some
patience y'all.

~~~
LiveOverflow
It was already out of the bag. That the Switch is vulnerable to this was
quickly known on day 1 and shortly after posted all over the internet. I
didn't leak something private.

~~~
anomie31
I know, I wasn't referring to you in particular, it was no secret a while ago.
I guess it was inevitable since it was so easy. I'm just sore that this will
likely be patched in future updates now.

------
throwaway16484
Considering all the horror stories about Japan's IT industry, should this
really come as a surprise?

~~~
kworker
What horror?

