12-11-2011, 10:57 AM   #13
yifanlu
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
If an attacker wants to do something malicious, you would first have to download an MP3 from them. The XSS only works with the artist, title, or album field, all of which are easily seen from a modern operating system. If you're really worried, all you have to do is check those three fields before loading any downloaded music onto your Kindle. If you see <script> in any of the fields, don't use it.

Now of course, that's if the attacker is using the same exploit. There's no telling what other holes Amazon left in the device.
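Added example, not part of the post above: one way to automate the check it describes, reading the title, artist and album text frames from an MP3's ID3v2 tag and flagging any that contain HTML-like markup. It assumes ID3v2.3 or ID3v2.4 tags without an extended header or unsynchronisation; the function names and the sample tags are constructed for illustration.

```python
import re
import struct

# Text frames for title, artist and album in ID3v2.3 / ID3v2.4.
FIELDS = {"TIT2": "title", "TPE1": "artist", "TALB": "album"}
ENCODINGS = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}
# Anything that looks like an HTML tag or character entity is flagged.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|&#|&[a-zA-Z]+;")

def syncsafe(b):
    """Decode a 4-byte syncsafe integer (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def read_fields(data):
    """Return {field: text} for title/artist/album from an ID3v2.3/2.4 tag."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return {}
    end = min(10 + syncsafe(data[6:10]), len(data))
    pos, found = 10, {}
    while pos + 10 <= end:
        frame_id = data[pos:pos + 4]
        if frame_id == b"\x00\x00\x00\x00":  # padding reached
            break
        raw = data[pos + 4:pos + 8]
        # v2.4 frame sizes are syncsafe, v2.3 sizes are plain big-endian.
        size = syncsafe(raw) if data[3] == 4 else struct.unpack(">I", raw)[0]
        body = data[pos + 10:pos + 10 + size]
        name = FIELDS.get(frame_id.decode("latin-1"))
        if name and body:
            codec = ENCODINGS.get(body[0], "latin-1")
            found[name] = body[1:].decode(codec, errors="replace").strip("\x00")
        pos += 10 + size
    return found

def suspicious_fields(data):
    """Names of the checked fields whose text contains HTML-like markup."""
    return sorted(k for k, v in read_fields(data).items() if MARKUP.search(v))

def _frame(fid, text):  # builds a constructed UTF-8 text frame (v2.3 layout)
    body = b"\x03" + text.encode("utf-8")
    return fid + struct.pack(">I", len(body)) + b"\x00\x00" + body

def _tag(*frames):  # wraps constructed frames in an ID3v2.3 header
    payload = b"".join(frames)
    size = bytes((len(payload) >> s) & 0x7F for s in (21, 14, 7, 0))
    return b"ID3\x03\x00\x00" + size + payload

# Constructed sample tags, not taken from any real file.
CLEAN = _tag(_frame(b"TIT2", "Song"), _frame(b"TPE1", "Band"), _frame(b"TALB", "LP"))
TAINTED = _tag(_frame(b"TIT2", "Song"), _frame(b"TPE1", "<script>x</script>"))
```

To check a downloaded file, pass its bytes to `suspicious_fields` (for example `open(path, "rb").read()`); a non-empty result names the fields to inspect before copying the file to the device.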