The H Security reports that a vulnerability in Amazon's Kindle Touch allows an attacker to execute arbitrary shell commands as root.
"For example, if a hacker embedded the right commands in a webpage, they could erase your Kindle," writes The Digital Reader's Nate Hoffelder. "There’s also a chance that the hacker might be able to get at the credentials for your Amazon account."
"The exploit, which was originally detailed on a mobile development forum in May, has already been tested by the team over at h-online and their German counterparts heise Security," writes The Next Web's Matt Brian. "They created a proof-of-concept script that could copy a file that contains the root user’s password hash, allowing them to unlock the plain text password using a password cracker. Given that the current firmware (version 5.1.0) is installed on the majority of Kindle Touch devices sold across the world, any website that runs the script could potentially gain access to a user’s account details."
"Amazon Inc. responded to heise Security that they're working on a patch," writes ZDNet's Dancho Danchev. "Unfortunately, the patch cannot by pushed to Kindle Touch users and they would have to personally issue the update on their devices."