Palm WebOS update fixes Pre Vulnerabilities
Palm has release a security update for the webOS operating system for the Palm Pre. It should stop the system from crashing when a user clicks on over long URLs; greater than 4063 characters. It may be possible to exploit this flaw by creating a crafted URL that could inject code into the device. Links may be distributed through some email, AIM, SMS and other channels on the device.
The cause of the problem is not precisely identified, but is related to errors in the LunaSysMgr process. The error was found in webOS 1.0.3 and fixed in version 1.0.4. Palm also found a vulnerability with the handling of email attachments and resolved an issue with the application signature handling. Palm recommends users update to version 1.1.0, which includes all the fixes.
- Palm Pre WebOs 1.0.3+ Memory Corruption Via Long Attacker Controlled URI, blog posting from Townsend Ladd Harris
- webOS 1.0.4 release notes