Wednesday, July 1, 2009

Palm Contacts Me

So, Palm contacted me back and informed me that the two vulnerabilities I had found were "known issues" and already fixed in an/the upcoming patch. What is interesting about this is that I only reported one bug to Palm and I received an email stating that "these" were already fixed, so I guess he read my blog update last night when I first reported two new bugs =p. Hi Brian!! Just to clarify, I will not usually quote email traffic/dialog on vulnerabilities I have, but that was interesting.

I must say that I had spent 1 hour (since the update crashed my Pre) the night the 1.0.4 WebOS update was released and figured out that a new bug existed. I then reported the new bug to Palm the next day after lunch (EST). I then spent 2-3 hours last night deciphering what the bug meant and narrowing its scope enough to provide a very accurate way to reproduce it. So I guess I was surprised to be told that it had already been fixed.

Upon further review last night, it seems my original bug was not "completely" fixed, and I will not be able to release any information on it as it directly relates to the new bugs that I reported. Since Palm is fixing my new bugs (no credit on these) in an upcoming release, I will hold off on information on them as well.

Back to Fuzzing =p


