Eureka

**Name of the Vulnerable Software and Affected Versions** Amazon Kindle Touch versions prior to 5.1.2 **Description** The issue is related to improper access restriction to the libkindleplugin.so NPAPI plugin interface. This might allow remote attackers to have an unspecified impact via vectors involving the `dev.log`, `lipc.set`, `lipc.get`, or `todo.scheduleItems` method. **Recommendations** For Amazon Kindle Touch versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the libkindleplugin.so NPAPI plugin interface until a patch is available. Avoid using the `dev.log`, `lipc.set`, `lipc.get`, or `todo.scheduleItems` method in the affected plugin interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** com.lab126.system versions prior to 5.1.2 **Description** The issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string. This can be demonstrated by using lipc-set-prop to set an LIPC property. **Recommendations** For versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sendEvent implementation to minimize the risk of exploitation. Avoid using shell metacharacters in strings passed to the sendEvent implementation until the issue is resolved.