From CNET News.com: A researcher who found a security hole in the Android mobile platform in October has found another one that he says is serious enough for him to recommend people not use the Android browser until the patch is installed.
Charlie Miller, a principal analyst at consultancy Security Evaluators, said on Thursday that a patch for the vulnerability is available on Google's source code repository, but has not yet been made available for download onto the phones via the T-Mobile service.
Like the previous hole, the new vulnerability could allow an attacker to remotely take control of the browser, access credentials, and install a keystroke logger if the Android user visits a malicious Web page.
"All the gory details are out there and they still haven't patched it," he said, adding that he recommends that Android users avoid browsing the Web until they have patched their phones.
View: Article @ Source Site