HTC has released a new statement today, acknowledging that the security hole discovered in their new devices over the weekend could allow malicious applications to access the system data collected by their HTCLogger app. A patch is currently being worked on and will be rolled out after a short testing period with service providers. As we reported yesterday, HTC has confirmed that there are no known reports of malicious apps currently taking advantage of the vulnerability.
The system patch for affected HTC devices should be coming soon, but we suggest you use caution when downloading new application from developers that may appear a bit sketchy. Vulnerability or not, there’s always a chance that app developers hide code within their apps which access information we thought was secure.
[toggle_box title=”Press Release” width=”Width of toggle box”]HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
[/toggle_box]