HTC confirmed that the issue reported the other day by Android Police is real.
Says the statement:
"...we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application..."
HTC is now "working very diligently" to release a patch, fixing the issue.
Engadget has the full statement and details:
http://www.engadget.com/2011/10/04/htc-confirms-security-hole-says-patch-is-incoming/
