CVE-2014-3908

Name of the Vulnerable Software and Affected Versions Amazon.com Kindle application versions prior to 4.5.0

Description The issue concerns the failure to verify X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Recommendations For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue.