Symantec warns of Wii flaw
/v3-uk/news/1953333/symantec-warns-wii-flaw
23 Jul 2007, Iain Thomson , V3
Symantec has warned of an exploit in circulation that can crash Nintendo's Wii gaming console.
The problem concerns the use of Flash files on the console. Adobe patched the Flash flaw on 12 July, but the Opera browser used by the Wii is still vulnerable.
"The most interesting thing is that it is a cross-platform vulnerability," said Liam OMurchu from Symantec's Security Response team.
"Due to the fact that Flash can run in different browsers and on different platforms, the discovery of this one vulnerability could leave all Flash-enabled operating systems and devices open to the attack, including some advanced smartphones.
"The vulnerability has already been tested on Windows, Apple Mac, and some Linux distributions, but many other devices that are Flash-enabled could be affected by the problem too."
The malware to exploit the flaw in a Windows environment has been posted on a popular exploit website and uses specially crafted .FLV Flash files.
These can be uploaded to popular video sharing sites and the Symantec team has warned such sites to begin scanning for corrupted files.
A video of the flaw in action has been posted on YouTube.
Do you agree?
flaw
it's a wii flaw since the flaw was fixed on the next versions of flash but since wii uses an older version of flash the flaw isn't fixed
Posted by Christos Stylianou, 27 Jul 2007
so...
So is this every piece of software that plays flash movies or is it specifically the Wii?
If it's not specifically the Wii, why do you specify it in the title?
Posted by creatorswhim, 24 Jul 2007
Remote Code Execution
Is there anyway that this exploit can inject arbitrary code onto the stack? If so, this could be a gateway to create a software based mod on the Wii!
Posted by WiiCare, 12 Sep 2007