Intrepidus Group researchers this week announced that they have found a series of HTML injection vulnerabilities in Palm’s WebOS. The vulnerabilities enable attacks using simple SMS text messages.
To become attacked, users just have to read the SMS message, which was detailed in a video from Intrepidus which demonstrates the vulnerabilities. The WebOS platform itself is essentially a web browser, and its applications are based on HTML and JavaScript.
Intrepidus stated that these type of vulnerabilities are common in mobile platforms, as many application vendors rush their apps to market while working out the problems as they occur.