Posted by Kallan Dahn Thursday, April 22, 2010

It looks like the report from Intrepidus is a little late. Due to contractual agreements, the research firm was unable to disclose the details any sooner. The news of security exploits released last week applies only to WebOS 1.3.5. Palm very hastily patched the operating system with most carriers by releasing version 1.4 of WebOS.
The security flaw was based around SMS messaging. The entire platform is very similar to a Web browser, so it is vulnerable to attacks called injections. An injection is when a hacker inserts lines of code into a process and the operating system runs them as if they were supposed to be there.
What makes this so dangerous is that this particular exploit could be delivered remotely via text message. Version 1.3.5 did not have any safeguards in place to validate the contents of the message. The result was SMS messages executing code that could do anything from remotely dialing the handset to wiping all the information on the device. The actions require only basic HTML programming knowledge. The research firm cited specific examples of the exploit, but for the security of those who have not upgraded to WebOS 1.4 we will not disclose the examples here.
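
To make the missing validation concrete, here is an added example (not code from Palm, WebOS or the Intrepidus report) of a browser-style messaging view that builds HTML from message text, first without and then with output encoding. The function names are hypothetical and the sample message is constructed and harmless.

```javascript
// Added illustration: hypothetical helper names, not webOS APIs.
// The sample message is constructed and contains only harmless formatting markup.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode the characters that let text be interpreted as markup.
// A single pass avoids double-encoding the '&' produced by earlier replacements.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: untrusted sender and body are concatenated into markup,
// so anything tag-shaped in the message becomes part of the page.
function renderMessageUnsafe(sender, body) {
  return '<div class="msg"><span class="from">' + sender +
         '</span><p>' + body + '</p></div>';
}

// Hardened pattern: every untrusted field is encoded before it reaches markup.
function renderMessageSafe(sender, body) {
  return '<div class="msg"><span class="from">' + escapeHtml(sender) +
         '</span><p>' + escapeHtml(body) + '</p></div>';
}

// Count opening tags in the output. The template contributes exactly three
// (div, span, p); any more means message text was parsed as markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const sampleSender = '555-0100';
const sampleBody = 'Lunch at <b>noon</b> & bring "ID"';

console.log('unsafe tags:', countOpeningTags(renderMessageUnsafe(sampleSender, sampleBody)));
console.log('safe tags:  ', countOpeningTags(renderMessageSafe(sampleSender, sampleBody)));
console.log(renderMessageSafe(sampleSender, sampleBody));
```

The tag count doubles as a regression check: if rendered output ever contains more elements than the template defines, message content is being interpreted instead of displayed.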
