According to a security advisory published by IBM researchers last week, a flaw in the Android KeyStore leaves around 10% of Android devices vulnerable to potential security attacks.
The security flaw in question is known as a stack-based buffer overflow, which when exploited could allow attackers to execute code on the device that could be used to steal very sensitive data. This is because the flaw is found in the KeyStore, which stores cryptographic keys and other sensitive information within the Android OS.
The researchers at IBM discovered the vulnerability nine months ago, and waited until the Android Security Team had enough time to craft a patch that rectifies the issue. As such, it doesn't appear as though anyone has exploited the flaw just yet, especially as other software protection methods built into the OS (such as data executing prevention) would also have to be overcome.
Originally it was thought that the flaw can be exploited in all versions of Android up to 4.4 'KitKat', which was the first version of the OS to include a suitable patch. However, IBM recently clarified their advisory to state that only Android 4.3 is affected, which according to the latest user breakdown statistics is found in 10.3% of Android devices.
Whether or not the vulnerability will be exploited in the future remains to be seen, but regardless it's never nice to discover a major flaw in the Android OS.
