View Single Post
Old 04-14-2012, 02:31 PM   #1
eureka
but forgot what it's like
eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.
 
Posts: 712
Karma: 2290994
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
[Kindle Touch] Scriptable browser plugin included in 5.1.0

5.1.0 has introduced NPAPI plugin /usr/lib/libkindleplugin.so (symlinked to /usrl/lib/browser/plugins/libkindleplugin.so) which is used by system-wide WebKit engine.

It is scriptable plugin, so webpage can embed it and invoke it's "exported" native methods.

To embed:
Code:
<embed type="application/kindle-chrome-scriptable-plugin">
I gave enough information for googling about how to invoke methods of this embedded plugin.

So far, I've found following "exported" properties and methods:
  • property test (it just returns number 500)
  • method dev.log
  • method lipc.set
  • method lipc.get
  • method todo.scheduleItems
I don't know anything about parameters of these methods and don't know whether they produce sensible result at all. But if they are working, then OH-OH!, it could be dangerous, because it could be used by any website (yes, this plugin is accessible from Web Browser).

I hope someone more proficient in understanding of disassembled ARM C++ code will share more information about plugin's methods usage.

To disable plugin, just change extension of symlink in /usr/lib/browser/plugins (or remove this symlink). I believe, it will be sufficient.

UPD On 23 Jul 2012 Amazon made available update to 5.1.2 which must be applied over 5.1.0 or 5.1.1. Amongst other changes, 5.1.2 deletes NPAPI plugin /usr/lib/libkindleplugin.so, symlink /usrl/lib/browser/plugins/libkindleplugin.so and directory /usr/lib/browser, thus eliminating possible remote attack vector.

Last edited by eureka; 07-30-2012 at 05:49 AM. Reason: hooray, there is official update addressing possible security issue
eureka is offline   Reply With Quote