One developer, who goes by the handle qwertyoruiop on Twitter, has demonstrated that the console ships with months old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser.
These bugs attracted attention last year because they were used to hijack an iPhone used by a political dissident in the United Arab Emirates. The bugs could allow attackers to steal call histories, texts, contacts and calendar information, and messages from apps like Gmail and WhatsApp. Apple patched them in iOS 9.3.5 in August of 2016.
While the potential impact of these vulnerabilities for Switch users is low, the question is how a new device could have left the factory with such an ancient bug. WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed.
Hackers could use it to jailbreak and run homebrew software on the Switch, but the exploit doesn't look like it provides kernel access. However, it is early days yet and finding holes in the Switch is what hackers do. The fact Nintendo made it so easy for them does not bode well about what else they will find.
The flaw suggests that Nintendo's software development practices have room for improvement and is just yet another hole in the Switch project.