Responding to the recent claim by Bluebox Security indicating that 99% of Android devices are at risk from malware attack due to a security vulnerability, Google has released a fix. Google said that they’ve issued a patch for the security hole and was made available to OEMs (Original Equipment Manufacturers — device manufacturers).
For those who might have missed our previous report, the vulnerability makes it easy for hackers to turn a legitimate application that a user may have installed on his or her phone into a malicious Trojan. This is done by simply modifying its APK code without breaking the app’s cryptographic signature.
Now that the patch has been released, it’s now up to device manufacturers and carriers to push the patch to end-user devices vis-a-vis updates. As for us Android users, we can only wait until our respective manufacturers and/or carriers send out the updates. That, or you can install a custom ROM on your device… something most people are unlikely to do.