logo
DATABASE RESOURCES PRICING ABOUT US

Kindle Touch a remote code execution vulnerability-vulnerability warning-the black bar safety net

Description

I don't know if amazon kindle fans? Recent foreign media reports, the Kindle Touch appears a remote executable code vulnerabilities. For Kindle Touch 5.1.0 firmware version, you can remotely execute code, The/etc/shadow file is sent to the specified[web server](<http://www.myhack58.com/Article/sort099/sort0100/Article_100_1.htm> a). Vulnerability relates to the/usr/lib/libkindleplugin. so plug-in, Kindle Touch built-in browser WebKit will use the plug-in. When the user browse a specific web page, it will with root privileges to execute specially crafted code. The current amazon is also not related to the patch. May be in the next version of the firmware upgrade in the repair. A temporary fix may refer to: mntroot rw && mv /usr/lib/browser/plugins/libkindleplugin. so /usr/lib/browser/plugins/libkindleplugin. so. disabled && mntroot ro && killall wafapp in fact as long as the relevant notes Kindle Touch user should know, already have the jailbreak methods can be directly into the Kindle's root. A variety of optimization Chinese font method are built on jailbreak basis. So this time the emergence of the“remote executable code vulnerability”is more of a alternative“remote”jailbreak method. And it should be very less users use the Kindle Touch to browse the web, because the user experience is not very good. However, still need to use the Kindle Touch users pay attention to safety.