Friday, July 10, 2009

Palm confirms my vulnerabilities

I received an email from Palm today (from Brian) and was informed that my findings are valid and were able to be replicated. It was explained to me that Palm is actively working on patching the issues and we may see them giving out some details on the vulnerabilities soon (don't hold me or Palm to this =p ).

That said, the 3 new security issues that I just found are valid, the two new issues from 1.0.4 were valid (though i believe found by internal Palm testing so no credit on these) and my original vulnerability was also valid. To that I must say, this is exciting.

Sadly no details, I am again waiting for patches and Palm to release details on each issue at their own pace.

Palm is responding very quickly and that is great for both the security world and anyone using a Palm Pre.


No comments:

Post a Comment