A rather unsettling security vulnerability was discovered in newer HTC Sense-powered Android devices over the weekend and, although the hole may not have been as big a deal as some made it out to be, it was clear that something needed to be done. HTC promised that look into the issue, and today the Taiwanese firm concluded that although its own software isn't causing any problems, "there is a vulnerability that could potentially be exploited by a malicious third-party application." As for a fix for the hole, HTC says that it's hard at work on getting a patch out the door and that, after some short carrier testing, the update will be pushed over the air to users. HTC's full statement is available below.
Although it obviously would've been nice if this vulnerability had never cropped up, it's good to see HTC respond to the issue relatively quickly. Now we just have to wait for the patch itself to come out. When it does, you can bet that we'll pass along the details. And because this always bears repeating: be careful out there, and if something that you're considering downloading makes you raise an eyebrow, maybe you don't click that install button, mmmk?
HTC Public Statement
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.