I was reading a blog post from a fellow researcher at Symantec about the Nintendo Wii being vulnerable to the recently published flash vulnerability.
As explained in the post it’s the Opera browser with its flash functionality that is vulnerable. I found the fact that the Wii crashed very strange and decided that I wanted to reproduce the issue. Why?
Because when you use your up-to-date Wii and surf to Adobe’s Flash player version checker it says that version 184.108.40.206 is installed.
Now when we take a look at Adobe’s security bulletin we can see that 220.127.116.11 and earlier is vulnerable to this FLV exploit.
Some further looking around says that 18.104.22.168 fixes the FLV security issue.
The Wii’s 22.214.171.124 Flash Player version predates the same version number on other platforms, although I don’t know by how much. Clearly the Wii’s 126.96.36.199 version is not equal to that on the other platforms.
Looking at Adobe’s web pages the Wii is never mentioned. So I think that it was more or less forgotten. If it hadn’t been the new build would probably have been called 188.8.131.52 and not 184.108.40.206 to make sure there was no mix-up.
Even though there may be no malware for the Wii at present, it’s still vulnerable to a denial of service when browsing the web.
I can only hope that Adobe releases an update for the Wii as well. Although that may actually be in Opera’s and/or Nintendo’s hands.