21

Windows Phone only smartphone OS immune to Webkit vulnerability

Windows Phone unaffected by new malware

Security firm CrowdStrike has identified a vulnerability that could allow attackers to seize complete control over a smartphone.  The hole could allow an attacker to gain access via Webkit-based browsers, which makes up the bulk of mobile web browsers.  The good news for Windows Phone users is that they are in the clear because Microsoft designed Internet Explorer themselves, opting not to use the Webkit platform.

George Kurtz, CEO of CrowdStrike, has tested this theory and has confirmed that Windows Phone, unlike iOS, Android and Blackberry, is immune to this threat.  Kurtz has not revealed the details of the vulnerability, but will be holding a demonstration tomorrow at a TSA conference.  For the time being, there is little that users can do to protect themselves.  Any fixes must come from the OS developers first, and then get pushed out to consumers.

Source: Zunited

15
0
0
0

Reader comments

Windows Phone only smartphone OS immune to Webkit vulnerability

21 Comments

This is good news. However, it got me thinking. Almost every month MS patches an IE security vulnerability via Windows Updates. Since IE on WP is much the same, shouldn't we be getting regular IE patches on our phones, too?

I don't think so because on a PC such a security hole would allow the hacker/spyware to seize control of the PC, with WP there is no way to take control of the OS. If I'm not mistaken.

That's a good question once we reach WP8, but for now, it's IE on Windows CE platform which wouldn't be affected by the same vulnerabilities.
That's not to say it doesn't have its own potential issues though.

Apple will probably release an update to all supported iOS devices in a month or 2, Google will also fix Chrome for Android and the ICS browser soon, probably faster than Apple, but the majority of Android phones, that are running 2.2 and 2.3 will never see a fix

Wow. Only now do I finally realize that the stock browser of nearly every Mobile OS is based on Webkit. That's insane.
 
I also wonder if you're an Android user and you use Opera or Firefox as your main browser if you're free from the vulnerability.

Mixed feelings on this one. I somehow feel that the only reason there aren't the vulnerabilities in mobile IE is exactly because of how small the market share is. The hackers are focusing on webkit because it pretty much targets everybody.

Or it really is just Webkit that's at fault. It's had several major security flaws in the last few months.
 
I've never liked Webkit very much compared to Gecko and this just further cements my belief.