HTC has issued a new statement addressing concerns over a security flaw recently discovered on several of its Android-powered smartphones. The vulnerability could allow third-party apps to access and steal private data including SMS messages, contact data, system logs, location information and more. ”HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws.” HTC says that it has not yet received any reports of malware exploiting the security flaw, and it recommends using caution when installing or updating applications from untrusted sources until a patch is issued in the near future. HTC’s full statement follows below (emphasis added by HTC). More →
BGR has uncovered a major security flaw on AT&T’s version of the Samsung Galaxy S II that renders Android’s security lock feature completely useless. Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. The same flaw allows users to bypass PIN security as well. We have confirmed that the flaw exists on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, Epic Touch 4G, though it is currently unclear if other phone models are affected. Hit the break for details on the flaw.
Updated with statement from Samsung. More →
Apple on Monday released iOS 4.3.5 for iOS devices to address a security vulnerability. The update comes just 10 days after Apple issued iOS 4.3.4 to address a security hole related to PDF support. The new update was released with the following notes:
iOS 4.3.5 Software Update
Fixes a security vulnerability with certificate validation.
IOS 4.3.5 is available immediately through iTunes for the iPhone 4, iPhone 3GS, iPad 2, iPad and the last two iPod touch models. Apple has also released iOS 4.2.10 at the same time for Verizon Wireless’ CDMA iPhone 4.