I was reading a blog post from a fellow researcher at Symantec about the Nintendo Wii being vulnerable to the recently published flash vulnerability.
As explained in the post it’s the Opera browser with its flash functionality that is vulnerable. I found the fact that the Wii crashed very strange and decided that I wanted to reproduce the issue. Why?
Because when you use your up-to-date Wii and surf to Adobe’s Flash player version checker it says that version 18.104.22.168 is installed.
Now when we take a look at Adobe’s security bulletin we can see that 22.214.171.124 and earlier is vulnerable to this FLV exploit.
Some further looking around says that 126.96.36.199 fixes the FLV security issue.
The Wii’s 188.8.131.52 Flash Player version predates the same version number on other platforms, although I don’t know by how much. Clearly the Wii’s 184.108.40.206 version is not equal to that on the other platforms.
Looking at Adobe’s web pages the Wii is never mentioned. So I think that it was more or less forgotten. If it hadn’t been the new build would probably have been called 220.127.116.11 and not 18.104.22.168 to make sure there was no mix-up.
Even though there may be no malware for the Wii at present, it’s still vulnerable to a denial of service when browsing the web.
I can only hope that Adobe releases an update for the Wii as well. Although that may actually be in Opera’s and/or Nintendo’s hands.