This is potentially very serious, Infosecurity notes, as the sandbox element of the browser environment seen on Android is supposed to defend the smartphone/tablet platform against this type of attack.
The researchers note that the vulnerability "has the same implications as global XSS, albeit from an installed application rather than another website."
The IBM security researchers go on to say that Android 2.3.5 and 3.2 have been released and which incorporate a fix for this bug.
Patches are also available for Android 2.2 and will, they note, be released at a later date.
LINK TO OUR HOME PAGE :