webOS 1.4.x and 2.0 found to contain several security holes

Alex Wagner
Editorial Director of News and Content from  Omaha, NE
| November 26, 2010

Palm Pre 2

Both Android and iOS were victims of a security flaw with the past month or so, and now webOS has joined the club with a bug of its own.  A couple of researchers at SecTheory have found some flaws with webOS 1.4.x (versions 1.4.0-1.4.5), explaining that the platform is more vulnerable than others thanks to the way that Palm has opted to "ease application development."  Palm has already patched one of the issues  with the "Contacts" app in webOS 2.0.  Still, the researchers say that there are other holes, like denial-of-service and cross-site scripting issues, still present in webOS 2.0.

As PreCentral points out, Palm traded off some of the security of webOS for ease of use and development, and now some of the consequencies of that trade have been brought to light.  While it's nice to know that the flaw with the "Contacts" app has been patched in webOS 2.0, the majority of webOS users are still on 1.4.5, and it's not clear how long it'll be before they're actually brought up to date with version 2.0.  I'm sure that Palm wants to get these holes patched up as quickly as possible, especially now that the spotlight is shining on them.  May I suggest expediting the release of webOS 2.0?

Via PreCentral, Darkreading