Sunday, August 23, 2009

SMS injection

I can now inject arbitrary data into SMS fields that cause some fun rendering issues when viewing them, however nothing that is extremely exciting. I need to take a step back and see how I can interact with Mojo from an app standpoint and will continue to tear apart WebOS now that some of the low hanging fruit has been released. Be patient though, a very exciting vulnerability disclosure may get released by me, hopefully the patch is going to get released this week (rumor only).

I currently have two vulns for versions WebOS 1.1 and lower that have yet to be published and I have created a movie demonstrating each of them and. They be released whenever palm puts out the patch. Palm is very odd in not letting me know as to when the patch is going to be released so I can put out my advisories.....

-Ladd

No comments:

Post a Comment