If you looked on Twitter yesterday you might’ve noticed a tweet by Twitter User @daeken which warned everyone to not update to Switch Firmware 3.0.1 if they want Switch Hax.
— Cody Brocious (@daeken) August 17, 2017
This has now been confirmed by more people of the scene together with a short description of this amazing bug which was in a way also present on the 3DS up to Firmware 7.0. Funny to see Ninty still doing old mistakes.
Switch 3.0.1 fixed sm:h/smhax https://t.co/D1XoXcPyoe — bug that allows for access/registration/unregistration to/of any arbitrary service.
— Michael (@SciresM) August 17, 2017
fun fact about the "huge bug" that was fixed on switch in 3.0.1: 3ds had a similar one, used by gateway and not fixed until around fw 7.0
— smea (@smealum) August 17, 2017
Here is the Description and successful exploitation result from switchbrew:
|Summary||Description||Successful exploitation result||Fixed in system version||Last system version this flaw was checked for||Timeframe this was discovered||Public disclosure timeframe||Discovered by|
|sm:h, smhax, probably other names (SM:Initialize() not checked)||Prior to 3.0.1, the service manager (“sm”) built-in system module treats a user as though it has full permissions if the user creates a new “sm:” port session but bypasses initialization.In 3.0.1, “sm” returns error code 0x415 if Initialize has not been called yet.||Acquisition, registering, and unregistering of arbitrary services||3.0.1||3.0.1||April 2017||August 17, 2017||Everyone|
As you can see this was a huge bug that which, as described by @hedgeberg, is nearly as good as full kernel control.
Save editing, and many, many other things. Every service can be accessed. It's the next-best-thing to a full kernel pwn.
— hedge.o (@hedgeberg) August 17, 2017
So if you haven’t updated your Switch just yet but want to be able to use SwitchHax sooner or later do NOT update your Switch. If anything new is found out, I’ll post it as soon as I can.
Source: All the Devs mentioned here on Twitter