Xuxian Jiang, a computer security researcher at the North Carolina State University, has identified a security flaw in Android 2.3 Gingerbread. The vulnerability provides access to the microSD card and applications directory on Android 2.3 handsets By clicking on a link, malicious code on a website could access the data on a microSD card including voicemail, photos, and other saved data. Once scanned, these files can be uploaded to a remote server. In a similar manner, the vulnerability also lets attackers scan and upload the installed and built-in applications on a handset. The vulnerability was discovered as part of a research project and was confirmed using a Nexus S running Android 2.3 Gingerbread.
Google has recently fixed a troubling SMS bug that led to SMS messages being sent to the wrong contact. A fix was put in place that corrected the SMS issue but, according to Jiang, this can be easily bypassed. eWeek has examined this issue and confirmed that Google is working on a solution to block this hole. As of the writing of this post, there is no official confirmation from Google on when this vulnerability will be fixed.