
Amazon Kindle for Android < 4.5.0 SSL Certificate Validation Security Bypass

Medium

Synopsis

The Android device is running a vulnerable version of Amazon Kindle.

Description

Versions of Amazon Kindle for Android prior to 4.5.0 are affected by a potential man-in-the-middle vulnerability because they do not verify the X.509 certificates of SSL servers. An attacker may thus impersonate a server to eavesdrop on or modify encrypted communication.

Solution

Update to Kindle for Android version 4.5.0, or later, from the Google Play store.