Nintendo Switch update 2.1 released, most likely patches Webkit exploit
We reported a few weeks ago about a webkit exploit running on the Nintendo Switch, just a few days after the console had been released. The exploit relied on an old vulnerability, which seemed to indicate the Nintendo Switch had shipped with an old version of Webkit.
Software update 2.1 is now here, and (drumrolls), brings “General system stability improvements to enhance the user’s experience” according to the official changelog. That’s Nintendo slang for “no homebrew for you, folks”.
Users on GBATemp report that this patches the Webkit exploit, informally known as “pegaswitch” (because it uses the same webkit exploit that was used in the pegasus iOS exploit chain). In particular, GBATemp member adrake states:
Just upgraded a new Switch from 1.0.0 to 2.1.0. Pegaswitch on console refreshing endlessly, debug log reads “Success percentage: 0.00 (100 samples). Exploit failed.”
Adrake went the extra mile to check that the changes in the open source parts of the Switch firmware look like they could be related to patching the exploit.
The last known vulnerable firmware for this pegaswitch webkit exploit is firmware 2.0. With that being said, the usefulness of that exploit is debatable at this point, given that hackers have barely started to scratch the surface of the device, and no tools exist at the moment for homebrew enthusiasts. Then again, I myself got a Switch, and for now it will stay on its current firmware unless I’m given a very good reason to update.