It seems like a happy ending may arrive for the HTC security hole issue quite soon. Almost as quickly as the news broke, RootzWiki posted a quick fix for those with rooted devices. It turns out HTC hasn’t been slacking either, with a patch already knocking on the door of carriers. HTC said that so far it doesn’t seem like anyone has taken advantage of this vulnerability, as it has received no shady reports from its customers (*phew*). Until the presumed OTA patch gets pushed out, though, the handset manufacturer advises that you don’t download any untrusted third-party apps and that you stick with developers who are trusted and have a good reputation. The patch will undergo a “brief” testing phase at carriers before being rolled out, so the final page to this days-long saga rests in the hands of the carriers. Kudos to HTC for jumping on this so quickly, and hopefully nobody was taken advantage of during the few days this exploit was public! Full statement from HTC below.
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.