An eagle-eyed Android user has discovered a new vulnerability in the operating system that allows malicious websites to steal data stored in an SD card.
Security expert Thomas Cannon exposed a flaw in the stock Android browser that could be exploited by crafty websites to read local files stored on the SD card.
Cannon reported the flaw to Google, which promptly acknowledged the problem.
It said in a statement: “We've developed a fix for an issue in the Android browser that could, under certain circumstances, allow for accessing files on a user's SD card.
“We're working to issue the fix to our partners and open source Android.”