Tuesday, September 16, 2014

A security flaw in the Kindle library – Program!

According to the site b.fl7.de, Amazon's Kindle library page “Manage Your Content and Devices” contains a security flaw that allows cross-site scripting (XSS) attacks.

Quite simply, an attacker can inject malicious JavaScript into the metadata of the document. For example:

<script src="https://www.example.org/script.js"></script>

When the victim then opens the malicious document, the code runs on their machine, which can lead to the Amazon account cookies being transferred and the account being compromised as well.
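
The injection described above, shown from the defender's side as an added example (not Amazon's code and not from the original post): a listing page that concatenates document metadata into HTML as-is, next to a version that escapes it on output. The record fields, function names and the listing markup are assumptions made for illustration.

```javascript
// Added example: rendering untrusted e-book metadata into an HTML listing.
// Constructed sample records; the second title is the payload quoted above.
const books = [
  { title: "Moby-Dick", author: "Herman Melville" },
  { title: '<script src="https://www.example.org/script.js"></script>',
    author: 'A. N. "Other"' },
];

// Vulnerable pattern: metadata is concatenated into markup unchanged, so a
// title that contains tags becomes live markup in the page.
function renderRowUnsafe(book) {
  return '<li title="' + book.author + '">' + book.title + "</li>";
}

// Escape the characters that are significant in HTML text and in quoted
// attribute values. One pass over the string, so nothing is double-escaped.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every metadata field is escaped at the point of output,
// in both the attribute context (author) and the text context (title).
function renderRowSafe(book) {
  return '<li title="' + escapeHtml(book.author) + '">' +
         escapeHtml(book.title) + "</li>";
}

function renderLibrary(bookList, renderRow) {
  return "<ul>" + bookList.map(renderRow).join("") + "</ul>";
}

// Simple check for the test: does the rendered HTML contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe listing has script tag:",
            containsScriptTag(renderLibrary(books, renderRowUnsafe)));
console.log("safe listing has script tag:  ",
            containsScriptTag(renderLibrary(books, renderRowSafe)));
console.log(renderRowSafe(books[1]));
```

Escaping on output fixes the injection itself; marking session cookies HttpOnly additionally keeps them out of reach of page scripts.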

Of course, while every user who stores Kindle e-books on their computer using this library is a potential victim of the flaw, the most likely victims are those who obtain books whose origin is questionable, to say the least.

Strangely, this flaw was first revealed in October 2013. Amazon reported the problem corrected at the end of 2013, but the flaw reappeared later this year at an unspecified date. Amazon had been warned.
