Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Security firm discloses details of Amazon Fire Phone vulnerabilities

Security firm discloses details of Amazon Fire Phone vulnerabilities

2015/06/29

Securityweek - (International) MWR InfoSecurity released details on three recently patched Amazon Fire Phone vulnerabilities, including flaws in the CertInstaller package that can allow third party applications to install digital certificates to intercept encrypted traffic via man-in-the-middle attacks, and an issue with the Android Debug Bridge (ADB) in which an attacker could bypass the lock screen, steal information, add and remove applications, and access a high privilege shell on the phone.

Source: http://www.securityweek.com/security-firm-discloses-details-amazon-fire-phone-vulnerabilities

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:35