


That’s saying nothing of innovations like color e-ink and stylus support. These more versatile devices generally run Android, meaning that they can access Kindle libraries via Amazon’s app on top of easily loading up DRM-free files. Meanwhile competitors like Onyx, Xiaomi, and Pocketbook have been offering tons of new tech and form factors. Kindle models have iterated in teeny-tiny increments for years, only gaining USB-C charging support on the latest models.

This is entirely speculative on my part, but it seems to me that the widening market of ebook readers is making Amazon sweat a little. Amazon announced support for ePub files in the Send To Kindle and Kindle Documents Service earlier this year. Kindle refusing to allow easy use of the most common open digital book standard was a glaring downside to Amazon’s mostly-closed system. An analogy might be the Sony-branded MP3 players from the early 2000s which didn’t actually play MP3s, instead insisting users convert all their music to the proprietary ATRAC format.

The problem resides in the firmware's e-book parsing framework, specifically in the implementation associated with how PDF documents are opened, permitting an attacker to execute a malicious payload on the device. This is made possible, thanks to a heap overflow vulnerability in the PDF rendering function (CVE-2021-30354), which can be leveraged to gain an arbitrary write primitive, and a local privilege escalation flaw in the Kindle application manager service (CVE-2021-30355) that enables the threat actor to chain the two flaws to run malware-laced code as a root user.

[Figure: Heap overflow vulnerability in the JBIG2Globals decoding algorithm]

Upon responsibly disclosing the issue to Amazon in February 2021, the retail and entertainment giant published a fix as part of its 5.13.5 version of Kindle firmware in April 2021.

Attacks exploiting the flaw commence by sending a malicious e-book to an intended victim, who, upon opening the book, triggers the infection sequence sans any interaction, allowing the bad actor to delete the user's library, gain full access to the Amazon account, or convert the Kindle into a bot for striking other devices in the target's local network.

In other words, if a threat actor wanted to single out a specific group of people or demographic, it's possible for the adversary to choose a popular e-book in a language or dialect that's widely spoken among the group to tailor and orchestrate a highly targeted cyber attack.
