libwebp vulnerability - does it exist in the Switch and can it be exploited?

[Arumaruma]

So a critical vulnerability in a library called libwebp has appeared. Seems like a pretty big deal. It's already fixed in major browsers but the Switch hasn't had an update yet since it was found. I wonder if it can be played around with in the Switch browser?

 

[jeffyTheHomebrewer]

You might be onto something! Maybe through some DNS server we could redirect the switch's browser applet to a custom website/page with a malformed webp image and use that to somehow get CFW running?

 

[SylverReZ]

So a critical vulnerability in a library called libwebp has appeared. Seems like a pretty big deal. It's already fixed in major browsers but the Switch hasn't had an update yet since it was found. I wonder if it can be played around with in the Switch browser?

This is a very interesting discovery, similar to browserhax on the 3DS. Perhaps another softmod for the Switch without RCM?

 

[PTwr]

You might be onto something! Maybe through some DNS server we could redirect the switch's browser applet to a custom website/page with a malformed webp image and use that to somehow get CFW running?

There is DNS hack to open built-in crappy browser on Switch, but its some half useless obsolete crap.

 

[E1ite007]

Considering it causes a heap-based buffer overflow, yes it could be posible to load unauthorized code, but I doubt it would work by itself since it would load on Horzion OS, where most piracy protections are already loaded and working. It would need a way to bypass all the security measures after a reboot to enable homebrew and piracy.

It could be the begining of something.

 

[Reploid]

Well, I dunno, how handy would it be? I'm kinda used to RCM by now.

 

[linuxares]

Well, I dunno, how handy would it be? I'm kinda used to RCM by now.

Its no use for you. Its the question if this is a software method to achieve some kind of higher access

 

[M7L7NK7]

Like all browser exploits, it needs more than just itself to be useful. Pegaswitch / Pegascape still needed the RCM bug

 

[Reploid]

Like all browser exploits, it needs more than just itself to be useful. Pegaswitch / Pegascape still needed the RCM bug

Really?

 

[PTwr]

Well, I dunno, how handy would it be? I'm kinda used to RCM by now.

New Switch models are resistant to hotwire attack, and modchiping is annoying.
Unlocking homebrew on Switch OLED by just changing dns would be cool.

 

[Reploid]

New Switch models are resistant to hotwire attack, and modchiping is annoying.
Unlocking homebrew on Switch OLED by just changing dns would be cool.

Maybe it's too good to be true?

 

[masagrator]

Buffer overflow in Switch browser will cause crash. Simple as that.

You cannot execute code in HOS without setting used memory region as executable. And to do that it requires certain permissions that Switch's web browser doesn't have since Pegascape was patched.

So maybe someone will discover new softmod, but it won't work on newer FWs than PegaScape already supports.

 

[linuxares]

Buffer overflow in Switch browser will cause crash. Simple as that.

You cannot execute code in HOS without setting used memory region as executable. And to do that it requires certain permissions that Switch's web browser doesn't have since Pegascape was patched.

So maybe someone will discover new softmod, but it won't work on newer FWs than PegaScape already supports.

They really learned. I don't dare to think how the next Switch will ne

 

[proconsule54]

Very respected developers of switch scene say that will be very unlikely to find a softmod on current HOS.
This is the status. Sad but true.

 

[Morricorne]

They hack Switch with browser exploit sooner or later. But i think after new Nintendo console release. Nobody risk show new exploit. When Nintendo is still closely watching switch homebrew scene.

 

[RednaxelaNnamtra]

They hack Switch with browser exploit sooner or later. But i think after new Nintendo console release. Nobody risk show new exploit. When Nintendo is still closely watching switch homebrew scene.

The main problem is not the entry point though, the main problem is the kernel or trustzone, which both don't seem to contain any exploitable flaws.
Keep in mind that those two are the main parts of the os we want for CFW, without them not CFW.
Those two parts are also very small code wise, and only do what they need to, which makes it actually possible for developers to actually know all the code and keep it secure.
So unless by some miracle nintendo adds a big bug in a future version, its unlikely we will get anywhere, even if we find a browser exploit as entry point to trigger other exploits and get more access. So software only exploits are unlikely.
But yeah, even if someone found something, it would be much smarter to wait for the follow up console to have a starting point there.