Blog | G5 Cyber Security

Amazon Kindle RCE Attack Starts with an Email

Three vulnerabilities in the Amazon Kindle e-reader allow remote attackers to execute code and run it as root. A Realmode Labs researcher found that it was possible to email malicious e-books to the devices via the Send to Kindle feature to start the attack chain. The finding earned him $18,000 from the Amazon bug-bounty program. The attack, dubbed KindleDrip, could be used to siphon money from unsuspecting users. The Kindle web browser supports an obscure image format called JPEG XR, which can be used to booby-trap the e-book.

Source: https://threatpost.com/amazon-kindle-attack-email/163282/
