Incidents

70 != > 69

I was reading a blog post from a fellow researcher at Symantec about the Nintendo Wii being vulnerable to the recently published flash vulnerability.

As explained in the post it’s the Opera browser with its flash functionality that is vulnerable. I found the fact that the Wii crashed very strange and decided that I wanted to reproduce the issue. Why?

Because when you use your up-to-date Wii and surf to Adobe’s Flash player version checker it says that version 7.0.70.0 is installed.

Now when we take a look at Adobe’s security bulletin we can see that 7.0.69.0 and earlier is vulnerable to this FLV exploit.

Some further looking around says that 7.0.70.0 fixes the FLV security issue.

The Wii’s 7.0.70.0 Flash Player version predates the same version number on other platforms, although I don’t know by how much. Clearly the Wii’s 7.0.70.0 version is not equal to that on the other platforms.

Looking at Adobe’s web pages the Wii is never mentioned. So I think that it was more or less forgotten. If it hadn’t been the new build would probably have been called 7.0.71.0 and not 7.0.70.0 to make sure there was no mix-up.

Even though there may be no malware for the Wii at present, it’s still vulnerable to a denial of service when browsing the web.

I can only hope that Adobe releases an update for the Wii as well. Although that may actually be in Opera’s and/or Nintendo’s hands.

70 != > 69

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox