Advisory Details

This vulnerability allows remote attackers to transmit unencrypted traffic on the Amazon App Store. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

All the HTML content within the Amazon App Store is transmitted over HTTPS and URIMatchers. The URIMatchers do not limit traffic to only HTTPS; Therefore, it is possible to request traffic over HTTP. An attacker can chain this vulnerability with other vulnerabilities to install malicious applications.

There was not an advisory posted and no patch required, the issue was fixed server side.

• 2014-11-12 - Vulnerability reported to vendor
• 2015-04-29 - Coordinated public release of advisory