I. Description
The Palm Pre WebOS <=1.1 suffers from a JavaScript injection attack
that allows a malicious attacker to access any file on the mobile
device.
Palm has patched this vulnerability and all users are recommended to upgrade to WebOS version 1.2+.
Palm WebOS 1.2 patch information can be found here:
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12
II. Impact
A specially crafted email can access any file on the Palm Pre WebOS
version <=1.1 mobile device and send it to a web site of the
attacker's choice just by viewing the email.
III. Details
The Palm Pre WebOS 1.1 and lower will parse and execute JavaScript
contained in an email it receives. Exploiting this vulnerability allows
an attacker to read/extract any file and post it
...
Read more »