Xuxian Jiang, a computer security researcher at North Carolina State University, has identified a security flaw in Android 2.3 Gingerbread. The vulnerability provides access to the microSD card and applications directory on Android 2.3 handsets. If a user clicks on a link, malicious code on a website could access the data on a microSD card, including voicemail, photos, and other saved data. Once scanned, these files can be uploaded to a remote server. In a similar manner, the vulnerability also lets attackers scan and upload the installed and built-in applications on a handset. The vulnerability was discovered as part of a research project and was confirmed using a Nexus S running Android 2.3 Gingerbread.
To avoid being compromised by this exploit in the wild, Gingerbread users can remove or disable their microSD card, but this preventive measure may prevent you from saving photos or voicemails to your phone. You can also disable JavaScript in the built-in Android browser, but you may not be able to view certain websites that require JavaScript to function properly. The last and perhaps the least disruptive preventive measure is to switch to a third-party browser like Firefox.
Google has recently fixed a troubling SMS bug that led to SMS messages being sent to the wrong contact. A fix was put in place that corrected the SMS issue but, according to Jiang, this can be easily bypassed. eWeek has examined this issue and confirmed that Google is working on a solution to block this hole. As of the writing of this post, there is no official confirmation from Google on when this vulnerability will be fixed.
[Via North Carolina State, Engadget, eWeek]