
There will be no fix for a Palm Pre WebOS zero day flaw until 'Autumn'

Exclusive Don't accept those business cards
Tue Aug 17 2010, 05:04

SPIES CAN FEEL FREE to send malware-laden business card texts to Palm's Pre smartphones, because a patch to fix the flaw that allows such messages to turn the handsets into bugging devices won't be available until Autumn.

Basingstoke-based MWR Infosecurity announced last week that the Palm Pre WebOS has a zero day flaw that allows the phone to be used as a recorder and transmitter for anything within range of its microphone. It seems that Palm's security systems don't use sandboxing, which MWR Labs thinks could have stopped the malign SMS.

The INQUIRER learned that no patch for the problem will be available until Autumn in an exclusive interview with Nils, head of research at MWR Infosecurity's Labs research division. He declined to disclose his family name, adding to the mystery.

Palm was not available for comment, but in an earlier email sent to The INQUIRER it denied that the problem exists, saying, "The current version of webOS fixes the security vulnerability reported to Palm."

Go here to read about the Palm Pre's insecurities with the latest "notification" from MWR Labs. µ

Comments
My bad

Oops, should have read the link

"The issue that Palm has not currently addressed is the vulnerability in the vCard parsing, which was demonstrated by MWR InfoSecurity on the 11th of August. However in recent conversations with members of Palm's security team they stated that a fix is planned for Autumn 2010. Owing to the current situation users are therefore advised to exercise caution until an appropriate vendor supplied patch has been provided."

posted by: D0M1N8R, 19 August 2010
Old news already resolved

This is old news and has already been addressed by update 1.4.5

http://www.palm.com/us/company/security/index.html
"This release addresses several security issues with the Palm webOS software.

We’d like to thank Nils of MWR InfoSecurity and Chris Clark for their help in identifying the issues addressed in this release. Individuals interested in contacting Palm to report suspected security issues can find more information at palm.com/security ."

posted by: D0M1N8R, 19 August 2010