More holes in Palm's WebOS
Researchers Orlando Barrera and Daniel Herrera, who both work for security firm SecTheory, have discovered a gaping security hole in Palm's WebOS smartphone operating system. According to a report from Dark Reading, the experts found the critical hole in the Contacts application of WebOS 1.4.x. Entries in the "Company" field can apparently be exploited to inject malicious code. Barrera and Herrera managed to access such personal data as victims' emails, email addresses and contacts, and were even able to install a key logger.
Although HP, which bought WebOS when acquiring handheld pioneer Palm, has reportedly fixed the problem in version 2.0 of the mobile operating system, the corrected version is currently only available as a beta. Barrera and Herrera have already found further holes in this version, for instance a floating point overflow, a denial-of-service (DoS) hole and various cross-site scripting (XSS) vulnerabilities.
See also:
- HP Palm officially announces webOS 2.0, a report from The H.
(crve)