A new bug has been discovered on some HTC Android handsets that could reveal some Wi-Fi security information to certain apps. The issue has to do with apps that contain the "ACCESS_WIFI_STATE" permission which, when loaded onto one of the HTC phones in question, could be allowed to gain access to passwords for any Wi-Fi networks that the device hops onto. The devices that have been found to be affected by this bug include:
The good news is that the researchers that discovered the problem back in early September took it to Google and HTC and has been working with the two companies to come up with a fix. HTC recently acknowledged the bug on its official support site, calling it a "small" issue and explaining that most of the affected phones have already received a fix for this bug in a regular update. However, some devices still need to be manually updated with the fix, and HTC says that it'll provide more details on a manual download for the remaining phones next week. Own one of the devices in the list above? If you've gotten an update in the past couple of months, you're likely safe from the bug, but you could always hit up HTC's support site next week to make doubly sure that you won't be at risk of some rogue app sniffing out your Wi-Fi passwords.