Hacking Question: Can someone explain to me why a Web Browser exploit wouldn't work?

Deleted member 191657
Switch has a hidden web browser. Why is an exploit not possible?
WebKit exploits do work on the Nintendo Switch (the one PegaSwitch used is a good example of it), but there are two main reasons why they are not (yet) the entry point of choice:
- We already have an RCM exploit (or rather two of them, but they are based upon the same vulnerability) which allows code execution at the lowest level possible
- Due to the pretty good security measures that Horizon takes (including ASLR, which is a pain in the butt), escalating from user space using a WebKit exploit is no easy feat (it can still be done)

We will probably see new and creative entry-points (probably based on WebKit) as soon as a new hardware revision (see Mariko) fixes the RCM exploit.

Sources and good reads:

https://github.com/reswitched/pegaswitch (Exploitation suite for Switches <= 3.0.0)
https://nvd.nist.gov/vuln/detail/CVE-2016-4657 (Exploit on which PegaSwitch is based)

https://www.ktemkin.com/faq-fusee-gelee/ (Fusee-Gelee, RCM exploit for any first-gen Switch)
https://github.com/fail0verflow/shofel2 (Shofel2, RCM exploit for any first-gen Switch)

http://switchbrew.org/index.php?title=Main_Page (Switchbrew, a great community driven Wiki for Switch hacking)

link42586
You can access the web browser with Rocket League when you click on the articles on the right of the main menu. Worked on 4.1.0. I figured someone would use that at some point, but it's never a thought, it seems.

r5xscn
I think the people who know the exploits are keeping them for a later hardware revision where RCM is patched. It's better to save the exploits for later use than to get them patched now and search for more later.

IPLbug
I think the people who know the exploits are keeping them for a later hardware revision where RCM is patched. It's better to save the exploits for later use than to get them patched now and search for more later.

There's a reason why 0-day exploits are so well kept from the public for private use only. The WebKit will be patched completely in the new Mariko hardware with a version update pre-installed. The problem right now is that the scene burned out a lot of exploits too fast, exposing to Nintendo what little holes their OS had; it's pretty easy to see how, moving forward, exploits will become a lot harder to find and escalate. This is my speculation from what documentation was released along with the RCM exploit.