In association with heise online

29 November 2010, 15:24

More holes in Palm's WebOS

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Palm Logo Researchers Orlando Barrera and Daniel Herrera, who both work for security firm SecTheory, have discovered a gaping security hole in Palm's WebOS smartphone operating system. According to a report from Dark Reading, the experts found the critical hole in the Contacts application of WebOS 1.4.x. Entries in the "Company" field can apparently be exploited to inject malicious code. Barrera and Herrera managed to access such personal data as victims' emails, email addresses and contacts, and were even able to install a key logger.

Although HP, which bought WebOS when acquiring handheld pioneer Palm, has reportedly fixed the problem in version 2.0 of the mobile operating system, the corrected version is currently only available as a beta. Barrera and Herrera have already found further holes in this version, for instance a floating point overflow, a denial-of-service (DoS) hole and various cross-site scripting (XSS) vulnerabilities.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1143928
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit