Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Amazon fixes security flaw in Kindle ebooks

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Sep 2014 10:34:11 +0000 (UTC)
http://www.itpro.co.uk/security/23124/amazon-fixes-security-flaw-in-kindle-ebooks

By Clare Hopping
IT Pro
17 Sep, 2014
Amazon has responded to complaints about malware present on Kindle ebooks by fixing the security flaw.
Yesterday, it was revealed that some ebooks downloaded from the internet were installing malware on the ereader, meaning hackers could potentially gain access to users' Amazon accounts or personal details for identity fraud purposes.
Security researcher Benjamin Daniel Mussler uncovered the flaw and said Amazon was very much open to a cross-site scripting attack.
The issue is not thought to affect people who buy their books from Amazon, but could arise if they use an illegal download or untrustworthy ebook site. 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: