View Single Post
Old 07-30-2012, 06:07 AM   #26
eureka
but forgot what it's like
eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.eureka ought to be getting tired of karma fortunes by now.
 
Posts: 713
Karma: 2290994
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
It's old news already, but I'd like to see them here for completeness.

Update to 5.1.2 (amongst other changes) deletes NPAPI plugin /usr/lib/libkindleplugin.so, symlink /usrl/lib/browser/plugins/libkindleplugin.so and directory /usr/lib/browser, thus eliminating possible remote attack vector.

I didn't update to 5.1.2 yet, so I can't confirm, whether setting of LIPC property of com.lab126.system still allow executing of arbitrary shell code. Anybody willing to check? (Anyway, it's a minor nuisance, as without browser plugin there is no more obvious remote access to KT.)

BTW, owners of Ubisoft games with Uplay, beware: installation procedure creates a browser plugin for it's accompanying uplay launcher, which grants unexpectedly wide access to websites.
eureka is offline   Reply With Quote