Xuxian Jiang, a computer security researcher at North Carolina State University discovered a security issue with Android 2.3 while conducting "an Android-related research project" which allows an attacker to access information stored on the unlucky user's microSD card, including photos, personal and financial information, voicemails, and videos.
According to the source, the attack can occur by just selecting a link on a malicious site and can also find out what apps are installed on the phone.
Perhaps even more alarming is that the nature of the vulnerability is apparently not new. Last year, a similar exploit was uncovered for Android 2.2, which Google fixed. However, Jiang was able to bypass the fix used in Gingerbread.
Google told eWeek that Mr. Jiang has already contacted them about the vulnerability and that a fix is being made, which should be released in the next official update. In the mean time, there are ways for Gingerbread users to protect themselves.
Jiang explains that to protect themselves from the exploit, users can unmount the sdcard (not recommend), disable javascript, or use "a third-party browser for the time being." Finally, just be careful about what sites you choose to visit.
I'll personally be taking no steps against this vulnerability other than being a little more careful about which sites I visit. However, that doesn't mean that others users shouldn't be concerned, as I have uncovered no evidence whether or not the vulnerability is already being exploited for malicious intent.
If anyone asks you whether there are security risks within Android, don't hesitate to use this case as an example.
Image from Engadget
Jeremiah
There's security risks for all os's. Even apple's os has vulnerabilities, it's when an os has a large share of the market that people make malicious software to attack it.