webOS 1.3.5 Disclosed: Version 1.4 Fixes the Security Exploit

Ack! I’m not a webOS user. But, I always dislike to read about these kind of mobile security problems. The idea that platform uses were at risk is, of course, unsettling. On the other hand, a somewhat sensationalistic story about an older version of a platform is also somewhat unsettling.

Via Slashdot: Palm WebOS Hacked Via SMS Messages

Slashdot refers to two recent articles describing the problem:

Intrepidusgroup: WebOS: Examples of SMS delivered injection flaws

ThreatPost: Palm Pwned: Researchers Hack WebOS With Text Messages

The flaw discovers, Intrepidus Group, clearly points out that the threat exists in webOS 1.3.5 while the current release is 1.4. They note that the public disclosure was delayed to give Palm a chance to fix the issue and release version 1.4. They realistically note that not all Palm webOS device owners have upgraded from 1.3.5 so some people may still be at risk. If you are one of them, you should probably consider upgrading to webOS 1.4 soon.