Security researchers from heise Security have created a proof-of-concept code for a remotely exploitable security vulnerability affecting Amazon's Kindle Touch 5.1.0 firmware.
The demo allows arbitrary shell commands to be injected into a Kindle Touch, allowing the security researchers to create a script where the Kindle sent back a copy of /etc/shadow to a heise Security web server.
Apparently, the security issue has been known for over three months now. Amazon Inc. responded to heise Security that they're working on a patch. Unfortunately, the patch cannot by pushed to Kindle Touch users and they would have to personally issue the update on their devices.
Find out more about Dancho Danchev at his LinkedIn profile.