Palm patches WebOS snooping vulnerability

The company says it has fixed a hole that lets intruders bug calls and access other phone data with the latest release of its WebOS platform

Palm has fixed the reported snooping vulnerability that allows a specially-crafted vCard to record and transmit conversations to a remote location.

The flaw, which allows a perpetrator to control the recording of phone calls at will and sends them back to the source of the rogue vCard, was reported to Palm in May, according to Alex Fidgin, director of MWR InfoSecurity, the company that discovered the vulnerability.

In a brief updated statement, Palm contacted ZDNet UK on Friday to say that "the current version of WebOS fixes the security vulnerability reported to Palm". WebOS 1.4.5 is available to users over the air.

A Palm spokesperson had previously said the company was investigating the security risk but would "not comment on specific security enquiries".

The researchers at MWR also discovered a vulnerability in the Google Android mobile operating system that allowed the web browser to be exploited if pointed at a malicious web page, resulting in the divulgence of personal details such as usernames, passwords and other sensitive credentials.

Google says the hole was patched in version 2.2 of the Android OS, otherwise known as Froyo.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All