07-25-2007, 09:02 AM
Symantec
Wii gets Flashed by a bug too!

<p>There have been a lot of rumours and discussions about the recent <a href="http://www.securityfocus.com/bid/24856">Adobe Flash Player Remote Code Execution</a> vulnerability. The most interesting thing is that it is a cross-platform vulnerability. Due to the fact that Flash can run in different browsers and on many different platforms, the discovery of this one vulnerability could leave all those operating systems and devices that are Flash-enabled open (e.g., including some advanced smartphones) to the attack.</p>

<p>The vulnerability has already been tested on Windows, Apple Mac, and some Linux distributions, but many other devices that are Flash-enabled could be affected by the problem too. For example, we verified that the Nintendo Wii gaming console is also affected. Wii has an Internet channel that runs a special version of the Opera browser with Flash, and yes… we verified that it is affected by the problem too! The Wii console completely hangs while browsing a specially crafted video. Security Response posted <a href="http://www.youtube.com/watch?v=seZYSor_7T8">this video</a> that shows the different effects of this bug on different platforms, including Windows, Apple Mac and finally Nintendo Wii:</p>

<p>The vulnerability discovered affects .FLV files, the video file format used by Flash. This file format has recently become hugely popular due to the success of YouTube.com and other such sites that use this file format to show their videos. This in itself presents another danger due to the fact that malicious .FLV files can be uploaded to video hosting sites, at which point anyone who attempts to watch that video using a vulnerable Flash player will be affected.</p>

<p>Ultimately this means that the creator of the malicious Flash file does not even need to host the file on his own server. Instead he can upload it to any video hosting site, and then send his victims a link to that legitimate site. There’s already a proof-of-concept video to test the vulnerability and crash many browsers uploaded on YouTube. This situation also presents a new problem for video hosting sites themselves, who may need to scan all new content for malformed data and eventually sanitize the crafted videos.</p>

<p>While a public exploit of this vulnerability for the Windows platform was posted on a popular exploit Web site, there is no evidence of public exploits for Linux or Mac so far. Of course, the possibility of successfully executing code on Wii is still far away. But this new bug presents the console hackers with another weak point to exploit together with the old Opera SVG bug that was reported a few months ago.</p>

<p>To keep yourself safe, make sure to update your Flash Player with the latest patches from Adobe.</p>

<p>For Adobe patches (not for your Wii), click <a href="http://www.adobe.com/support/security/bulletins/apsb07-12.html">here</a>.</p>

<p>The original advisory from Stefano Di Paola for this bug is available <a href="http://www.mindedsecurity.com/en/labs/advisories/MSA01110707">here</a>.</p>
http://www.symantec.com/enterprise/security_response/weblog/2007/07/wii_vulnerable_to_flash_vulner.html
Fri, 20 Jul 2007 07:28:16 -0800
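
The scanning of uploaded videos for malformed data that the post mentions can start with a structural check of the FLV container. The following is an added example, not part of the original post and not Symantec's or Adobe's code: it validates the publicly documented FLV header and tag layout and does not claim to detect the specific flaw, whose details the post does not give. The function names and the sample bytes are constructed for illustration.

```python
TAG_TYPES = {8: "audio", 9: "video", 18: "script"}  # tag types defined by the FLV format

def check_flv(data: bytes) -> list[str]:
    """Return structural problems found; an empty list means the layout is consistent."""
    if len(data) < 13 or data[:3] != b"FLV":
        return ["missing or truncated FLV header"]
    header_size = int.from_bytes(data[5:9], "big")
    if header_size < 9 or header_size + 4 > len(data):
        return [f"implausible header size {header_size}"]
    problems = []
    if data[header_size:header_size + 4] != b"\x00" * 4:
        problems.append("PreviousTagSize0 is not zero")
    pos = header_size + 4
    while pos < len(data):
        if pos + 11 > len(data):
            problems.append(f"truncated tag header at offset {pos}")
            break
        tag_type = data[pos] & 0x1F                      # low 5 bits carry the tag type
        data_size = int.from_bytes(data[pos + 1:pos + 4], "big")
        stream_id = int.from_bytes(data[pos + 8:pos + 11], "big")
        if tag_type not in TAG_TYPES:
            problems.append(f"unknown tag type {tag_type} at offset {pos}")
        if stream_id != 0:
            problems.append(f"non-zero stream id at offset {pos}")
        end = pos + 11 + data_size
        if end + 4 > len(data):                          # declared length overruns the file
            problems.append(f"tag at offset {pos} declares {data_size} bytes, beyond end of file")
            break
        back = int.from_bytes(data[end:end + 4], "big")  # trailing PreviousTagSize field
        if back != 11 + data_size:
            problems.append(f"PreviousTagSize {back} != {11 + data_size} at offset {end}")
        pos = end + 4
    return problems

def make_tag(tag_type: int, payload: bytes, declared=None) -> bytes:
    """Build a constructed sample tag; 'declared' overrides the size field to simulate malformation."""
    size = len(payload) if declared is None else declared
    header = bytes([tag_type]) + size.to_bytes(3, "big") + b"\x00" * 7
    return header + payload + (11 + len(payload)).to_bytes(4, "big")

# Constructed sample inputs (not real video data).
HEADER = b"FLV\x01\x05" + (9).to_bytes(4, "big") + b"\x00" * 4
GOOD = HEADER + make_tag(18, b"meta") + make_tag(9, b"\x00" * 16)
BAD = HEADER + make_tag(9, b"\x00" * 16, declared=0xFFFFFF)

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_flv(sample) or "layout consistent")
```

A file that passes this check is only well-formed at the container level; the codec payload inside each tag still needs its own validation or re-encoding.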