Security experts unearth unpleasant flaws in webOS

Researchers from security firm SecTheory have described a handful of flaws in webOS , saying that the platform — by its very nature — is more prone to these sorts of things than its major competitors because Palm puts web technologies like JavaScript closer to webOS’ core where system functions are readily accessible. At least one of the flaws, involving a data field in the Contacts app that can be exploited to run arbitrary code, has already been fixed in webOS 2.0 — but the others are apparently still open, including a cross-site scripting problem, some sort of floating-point overflow issue, and a denial-of-service vector. We imagine Palm will get these all patched up sooner or later, but as SecTheory’s guys point out, how long is it until mobile malware becomes a PC-sized problem? Security experts unearth unpleasant flaws in webOS originally appeared on Engadget on Fri, 26 Nov 2010 01:18:00 EDT. Please see our terms for use of feeds . Permalink

Posted by on November 26, 2010. Filed under News, Tech. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry