Amazon Fire OS vulnerability allows local ADB connections
CVE-2024-27350

Currently unrated

Key Information:

Vendor: Amazon
Vendor: CVE Published:; 26 February 2024

What is CVE-2024-27350?

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.

References

https://www.aftvnews.com/amazon-blocks-long-running-fire-...

https://news.ycombinator.com/item?id=39496861

https://developer.amazon.com/docs/fire-tv/fire-os-overvie...

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Feb 25, 2024