Amazon Kindle RCE Attack Starts with an Email

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users.

Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the “Send to Kindle” feature to start a chain of attack – a discovery that earned him $18,000 from the Amazon bug-bounty program.

“The first vulnerability allowed an attacker to send an e-book to the victim’s Kindle device,” he explained in a Thursday posting. “Then, the second vulnerability was used to run arbitrary code while the e-book is parsed, under the context of a weak user. The third vulnerability allows the attacker to escalate privileges and run code as root.”

Read more…
Source: ThreatPost