14 DAY TRIAL // Sunnyvale-based mobile phone maker Palm released into the wild its latest handset, the Palm Pre, only a little more than three weeks ago, yet it already made available the first firmware updates for the device. While one of them, webOS 1.0.2, was released before the handset came to the market, the company launched the webOS 1.0.3 on June 19, and now we learn that webOS 1.0.4 has made its way to users' devices.
Unlike the previous releases, which featured a wide range of improvements for the Pre's software, the new update only comes with security fixes. “This release addresses several security issues with Palm webOS software,” is what Palm says about webOS 1.0.4 on its support page. While there are no official details on what the new update brings forth, it seems that the Pre has had some vulnerabilities that are now patched.
Unofficially, some users are reporting that the security update fixes the following issue: “Unauthorized applications could be installed without having physical access to the device.” To be more precise, it seems that the security fix patches the recently discovered homebrew application install method, which enabled users to install unofficial third-party apps via an email link. Following the discovery, some people already came up with some of the first homebrew apps for webOS, and it seems that Palm is determined to put an end to the move.
Other security issues with the Palm Pre might be there as well, and the company encourages users to report to webos-security at palm.com on any vulnerabilities they might discover, for these to be patched. “Palm encourages the practice of responsible disclosure of vulnerabilities. This means vulnerabilities are disclosed first to the vendor in order to allow the issue to be addressed before the details are made public. This practice seeks to minimize the risks to which users are exposed,” the phone maker says.