Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Bookish hacker finds holes in Amazon, Apple, Google epub services

50 shades of spankworthy security

Bug hunter Craig Arendt has reported vulnerabilities in major eBook readers including those from Apple, Google, and Amazon.

The similar but separate XML external entity (XXE) flaws also impact all online epub ebook services that use the popular epubcheck library that ensures good format conversions into the universal epub book format.

"[I] applied a familiar XXE pattern to exploit services and readers that consume the epub format [and exploited] vulnerabilities in EpubCheck, Adobe Digital Editions, Amazon KDP, Apple Transporter, and Google Play Book uploads," Arendt says.

"The validator tool (EpubCheck) was vulnerable to XXE, so any application that relies on a vulnerable version to check the validity of a book would be susceptible to this type of attack."

The named vendors have applied patches preventing the possible information disclosure and denial of service conditions.

Arendt (@craig_arendt) says the Amazon KDP Kindle file upload service designed to help publishers upload their books suffered from a XXE flaw that could allow attackers to steal books and data.

Apple's Transporter which ships books to the App Store was also affected.

In one instance Arendt accidentally grabbed the shadow password file for one unnamed service using the vulnerable EpubCheck library.

Google Play Books was not vulnerable to XXE but was to the XML exponential entity expansion mess, a flaw that leads to denial of service through an explosive growth of parsed data.

Other services permit Java and Flash, and as a result likely more brutal exploits. Arendt says he will disclose further attacks once the vendors have issued patches. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like