Word is that “proof of concept code” which exploits most versions of the Android smartphone operating system has been released by an Alert Logic security researcher called M.J. Keith.
According to an article over on The Register, Keith released the attack code apparently to expose “inadequate patching practices for the open-source mobile platform.”
Apparently Keith told The Register: “They need a better patching system. They do a good job of repairing future releases, but I think a better patching system needs to be set up for Android.”
Word is the bug the code exploits has been fixed in Android 2.2, but apparently, according to figures, 36% of Android users have that version, which means the rest are open to attack. Keith apparently searched documented security flaws for Apple’s Safari, which has the same WebKit browser engine as Android, and also had no problem finding other documented WebKit vulnerabilities which haven’t been fixed in Android 2.2.
Keith further said, “I wanted to demonstrate that nobody’s being notified that their Android phone is vulnerable to this stuff but Google wants to pretend it’s not there.” Google, when asked, declined to comment.