Tuesday, June 30, 2009

Palm Patched my vulnerability in WebOS

Palm recently put out a new patch that addresses a vulnerability that I had discovered back on June 17th 2009 in the new WebOS for the Palm Pre. In my first disclosure to them, I included one critical issue and 2 minor issues.

After some quick testing last night, the critical issue was fixed; however, I have a potential new one that I will be sending to them today once confirmed.

The Patch notice: (My name is halfway down under 1.0.4)
Palm Patch Notes

To show Palm's commitment to security, I wanted to show you the timeline of events surrounding my disclosure and the rapid response.

6-16-2009 Critical Vulnerability discovered and validated
6-17-2009 Palm contacted to set up meeting/discussion
6-18-2009 New minor vulnerabilities found
6-21-2009 Palm contacts me, I send full disclosure to them
6-23-2009 Brian Hernacki contacts me and verifies critical issue, states it will be patched
6-29-2009 Vulnerability is patched

I have not included any specific details on the matter from WebOS 1.0.3 as I have been asked to wait until more people are completely patched.

That being said, when given the green light, I will provide more details on the matter.



-Ladd
