Windows Phone only smartphone OS immune to Webkit vulnerability

Windows Phone unaffected by new malware

Security firm CrowdStrike has identified a vulnerability that could allow attackers to seize complete control over a smartphone.  The hole could allow an attacker to gain access via Webkit-based browsers, which makes up the bulk of mobile web browsers.  The good news for Windows Phone users is that they are in the clear because Microsoft designed Internet Explorer themselves, opting not to use the Webkit platform.

George Kurtz, CEO of CrowdStrike, has tested this theory and has confirmed that Windows Phone, unlike iOS, Android and Blackberry, is immune to this threat.  Kurtz has not revealed the details of the vulnerability, but will be holding a demonstration tomorrow at a TSA conference.  For the time being, there is little that users can do to protect themselves.  Any fixes must come from the OS developers first, and then get pushed out to consumers.

Source: Zunited



There are 21 comments. Sign in to comment

Jaja in your face webkit toters

aubreyq says:

Yay for Windows Phone!

selfcreation says:

MS might have allot of * securaty* restriction with the OS but atelase we are safe from does things!!

Ton77 says:

Good to know

blackprince says:

Thanks MSFT you rock.

lippidp says:

This is good news. However, it got me thinking. Almost every month MS patches an IE security vulnerability via Windows Updates. Since IE on WP is much the same, shouldn't we be getting regular IE patches on our phones, too?

goldenpipes says:

I don't think so because on a PC such a security hole would allow the hacker/spyware to seize control of the PC, with WP there is no way to take control of the OS. If I'm not mistaken.

That's a good question once we reach WP8, but for now, it's IE on Windows CE platform which wouldn't be affected by the same vulnerabilities.
That's not to say it doesn't have its own potential issues though.

Neusyn says:

Haha, I win once more against my Android buddies :D Windows Phone is awesome.

sanjlogan says:

U r absolutely right bud.. Cuz I won all the times when my Android buddies tie a bet on my WP

ChrisSsk says:

Apple will probably release an update to all supported iOS devices in a month or 2, Google will also fix Chrome for Android and the ICS browser soon, probably faster than Apple, but the majority of Android phones, that are running 2.2 and 2.3 will never see a fix

awesumjon says:

Good to know.

Solidstate89 says:

Wow. Only now do I finally realize that the stock browser of nearly every Mobile OS is based on Webkit. That's insane.
I also wonder if you're an Android user and you use Opera or Firefox as your main browser if you're free from the vulnerability.

jtshorns says:

Mixed feelings on this one. I somehow feel that the only reason there aren't the vulnerabilities in mobile IE is exactly because of how small the market share is. The hackers are focusing on webkit because it pretty much targets everybody.

Or maybe webkit isn't as secure as once thought, butthurt much

Solidstate89 says:

Or it really is just Webkit that's at fault. It's had several major security flaws in the last few months.
I've never liked Webkit very much compared to Gecko and this just further cements my belief.