HTC to issue over-the-air patch for software flaw in Android devices

Company admits vulnerability and will roll out fix 'quickly'

HTC has confirmed that its latest Android devices have vulnerabilities that can leave confidential data exposed to hackers if malicious third-party applications are installed and is issuing a patch to fix the flaw.

The vulnerabilities means rogue applications granted permission to the internet are able to access and send confidential data, including user accounts, last known network, GPS location and histories of phone numbers without users' permission.

The flaws were found by bug hunters at the Android Police and found to affect EVO 4G, EVO 3G, EVO Shift 4G, Thunderbolt, MyTouch 4G Slide and Sensation models.

HTC confirmed the existence of the flaws and said it will begin rolling out an over-the-air update immediately, adding that data is at risk only if users download untrusted, third-party apps.

"In our ongoing investigation into this recent claim we have concluded that, while this HTC software itself does no harm to customer data, there is a vulnerability that could be exploited by a malicious third-party application," it said.

"HTC is working to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over the air to customers, who will be notified to download and install it."

The company stated that no customer data has been compromised at present, and urged customers to only download, install and use applications from trusted sources in the meantime.