Has another popular household electronic product been the victim of a security bug? It may be so after one security expert discovered a potential flaw in Amazon’s (NASDAQ:AMZN) Kindle Library that might be susceptible to Cross Site Scripting (XSS) attacks. This means that malicious code can be inserted into the metadata of an eBook.
According to German Internet security professional Benjamin Mussler, who published a blog post on the issue, hackers can very well exploit the vulnerability in order to view your Amazon cookies and potentially your account information, including personal addresses, order history and payment details.
If you download one of these eBooks then the code will be implemented as soon as you open the Kindle Library.
“As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim’s Amazon account can be compromised,” said Mussler, who added that anyone who uses Amazon’s Kindle Library to store eBooks or deliver them to a kindle is vulnerable to a bug.
Users who decide to use questionable sources to download eBooks are at a higher risk of being affected by the security flaw. In other words, using a piracy website to download eBooks places you at a disadvantage of being victim to the hackers.
Apparently Mussler first detected the flaw in Nov. 2013, but Amazon reportedly repaired the issue within less than a month. Mussler then rediscovered the bug in July when the online retail juggernaut released a new version of the “Mange Your Kindle” web application. Amazon did not remedy the matter as promptly as it did the previous time.
Amazon NASDAQ:AMZN responded to complaints about the possible malware and announced that it would be fixing the flaw immediately, notes ITPro.