IT Security company Intrepidus Group has released details
of a preliminary report on webOS security vulnerabilities. In short, the groups researchers were quite alarmed by the ease, number and scope of security issues that plagued their tested build of webOS. The group has posted details about a SMS vulnerability that affected webOS v1.3.5. They demonstrate that with a single text message, the researcher was able to control the browser, send malicious commands and turn off the radio of a webOS device with a relatively common exploit.
The group has also posted a video demo of the exploit in action. (embedded after the break) It should be noted that Palm Inc. has corrected this very issue in the latest version (v1.4+) of webOS. This story was originally picked up and popularized by CNBC, which colors this story with the Palm is for sale meme complete with a corpspeak response from Palm.