HTC is working on an over-the-air update for its handsets to fix a serious security flaw that could expose users' personal data.
The company said it planned to rush out the fix as soon as possible after Android security bloggers exposed the vulnerability – which exploits weaknesses in HTC's logging tools.
"HTC takes claims related to the security of our products very seriously,” the company said in a statement. “In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application.”
...
HTC urged consumers to avoid downloading, or updating, apps from sources they don't trust until the patch has been rolled out.
Widespread issue
The vulnerability affects a range of HTC handsets, including the EVO 4G and 3D, the Thunderbold and some Sensation handsets – potentially leaking data such as email accounts, location information, SMS logs and phone numbers.
While the update might fix the problem, the company still came under fire for the fact that it was a vulnerability created in-house.
