The Palm Treo models 700p, 680 and 650 contain the security flaws, according to an advisory on Wednesday from Symantec's SecurityFocus Web site.
The vulnerabilities concern the way data is accessed on the Treo. They could allow anyone in possession of the device to use the "find" feature to locate data, even if the Treo is locked, according to a posting on the SANS Institute's Internet Storm site.
Palm has yet to release a fix to address the problem, SANS noted.
Palm said Friday it is working on a software update that addresses the security flaws on the Palm Treo models 700p and 680. The company said it is investigating "possible solutions" for the Palm Treo 650.
Palm, however, issued no specific timeline for when these updates would be available.