Tuesday, 24 July 2007

Symantec warns of new exploit with Flash technology

Yesterday, Symantec warned of a security exploit that can crash Nintendo's Wii gaming console. The problem concerns the use of Flash files on the game console. Adobe patched the Flash flaw on July 12, but the Opera browser used by the Wii is still vulnerable and can cause severe problems. Liam O'Murchu of Symantec's Security Response team said "the most interesting thing is that it is a cross-platform vulnerability."

O'Murchu added that "due to the fact that Flash can run in different browsers and on different platforms, the discovery of this single security vulnerability could leave all Flash-enabled operating systems and devices open to the attack, including some advanced smartphones."

"The vulnerability has already been tested on Windows, Apple Mac OSX, and some Linux distributions, but many other devices that are Flash-enabled could also be affected by the problem as well," said O'Murchu.

The malware to exploit the flaw in a Windows environment has been posted on a popular exploit web site and makes use of specially crafted .FLV Flash files.

Such files can be uploaded to popular video sharing sites and the Symantec team has warned such sites to begin scanning for corrupted files.

As a matter of fact, a video of the security flaw in action has been posted on the YouTube site.

link to web design company guide

No comments: