It's old news already, but I'd like to see them here for completeness.
Update to 5.1.2 (amongst other changes) deletes NPAPI plugin /usr/lib/libkindleplugin.so, symlink /usr/lib/browser/plugins/libkindleplugin.so and directory /usr/lib/browser, thus eliminating a possible remote attack vector.
I didn't update to 5.1.2 yet, so I can't confirm whether setting of LIPC property of com.lab126.system still allows executing of arbitrary shell code. Anybody willing to check? (Anyway, it's a minor nuisance, as without browser plugin there is no more obvious remote access to KT.)
BTW, owners of Ubisoft games with Uplay, beware: installation procedure creates a browser plugin for its accompanying uplay launcher, which grants unexpectedly wide access to websites