Palm Developer Center

Palm Developer Center Blog

webOS 1.0.4 Released to Address Security Vulnerability

Comments (5)

June 29 — Topics: PDN, Security — brianh

If you’ve been following some of the work on the predevwiki site, you may have noticed a recent post (http://predev.wikidot.com/installing-apps-without-rooting) about how email links can be used to install arbitrary packages to Pre. The issue has been corrected and an update is available, and we encourage all customers to apply the update at their earliest convenience.

This is a good opportunity to point people to http://www.palm.com/us/company/security/index.html on our web site. We have contact information there for reporting security-related issues and appreciate it when people reach out to us. We try to stay on top of the forums and sites, but proactive notification helps make webOS a better and safer platform. We always appreciate the work the developer community does and the efforts made by folks to report such issues.

Brian Hernacki
Chief Security Architect, Palm Inc.
brian.hernacki@palm.com

5 Comments

  1. Aww… I kind of liked this security vulnerability. hehe.

    Austin June 29, 2009 @ 10:47 am Permalink

  2. I’m glad that you guys patched that security hole, but I’m equally glad that Palm is being so candid about things like this! Apple would have just disguised the update as a new feature or would have bundled a cool new feature with the update.

    It is posts like this that show great promise for the webOS platform.

    Kansei June 29, 2009 @ 2:00 pm Permalink

  3. Fixing a security hold like this is very important, but what is Palm doing to bring the legit apps that were relying on this to users? In addition to fixing the security hole, you need to immediately provide a way to bring things like the notification app to people that want it.

    Jeff June 29, 2009 @ 2:09 pm Permalink

  4. I appreciate the reason for the fast lock-down, as it is certainly a security hole, but the demand is there to get more 3rd party apps in the pipeline. As a developer that signed up the first week the Early Access program was announced, and has been cooling his heels patiently since, I understand the frustration that leads folks to develop hacks for getting their apps installed. Please ramp up acceptance of developers the program (and if you see my name on the list, feel free to move it up), and then the acceptance of apps, much faster than you’ve been doing so far. :-)

    Chris Hobbs June 29, 2009 @ 3:15 pm Permalink

  5. There is a pdf reader in the pre software, but if there is a .pdf file on the internet, my pre won’t open it. The SF Cartrain schedule can’t be opened. There is a Palm OS
    version can’t be opened either.

    Earl Dolnick July 24, 2009 @ 1:20 pm Permalink