Security Expert Warns of Android Browser Flaw
justice4all writes "Google is working on a fix to a zero-day flaw discovered by British security expert Thomas Cannon that could lead to user data on a mobile phone or tablet device being exposed to attack. Cannon informed Google before posting information about the flaw on his blog. 'While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card,' Cannon wrote. 'It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability.'"
Sophos's Chester Wisniewski adds commentary on how this situation is one of the downsides to Android's increasing fragmentation in the mobile marketplace.
Even if fragmentation is an issue, it still easier to distribute than iphone, where it's up to the user to manually plug in their phone and apply the patch. Most of the fragmentation people talk about is because there are older Androids. Iphone has fragmentation to if you consider people that are still on iOs 3. Now stop with the FUD!