HTC is addressing an issue on some of its Android devices that exposes Wi-Fi security credentials to applications. Security researchers Chris Hessing and Bret Jordan discovered that third-party Android applications on a range of HTC handsets with the android.permission.ACCESS_WIFI_STATE permission could call a command to access the Wi-Fi credentials of a connected network. The researchers, who discovered the flaw in September, publicly revealed today that it could be used to transmit details to a remote server using the internet access permission.
HTC describes the issue as "small," and is confident that most phones have already received a fix through regular updates over the past few months. However, the company warned that some handsets will need to load the fix manually, and it plans to supply further information on this next week. The following devices are affected by the issue: