Incidents

70 != > 69

I was reading a blog post from a fellow researcher at Symantec about the Nintendo Wii being vulnerable to the recently published flash vulnerability.

As explained in the post it’s the Opera browser with its flash functionality that is vulnerable. I found the fact that the Wii crashed very strange and decided that I wanted to reproduce the issue. Why?

Because when you use your up-to-date Wii and surf to Adobe’s Flash player version checker it says that version 7.0.70.0 is installed.

Now when we take a look at Adobe’s security bulletin we can see that 7.0.69.0 and earlier is vulnerable to this FLV exploit.

Some further looking around says that 7.0.70.0 fixes the FLV security issue.

The Wii’s 7.0.70.0 Flash Player version predates the same version number on other platforms, although I don’t know by how much. Clearly the Wii’s 7.0.70.0 version is not equal to that on the other platforms.

Looking at Adobe’s web pages the Wii is never mentioned. So I think that it was more or less forgotten. If it hadn’t been the new build would probably have been called 7.0.71.0 and not 7.0.70.0 to make sure there was no mix-up.

Even though there may be no malware for the Wii at present, it’s still vulnerable to a denial of service when browsing the web.

I can only hope that Adobe releases an update for the Wii as well. Although that may actually be in Opera’s and/or Nintendo’s hands.

70 != > 69

Your email address will not be published.

 

Reports

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

APT trends report Q2 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox