WebKit Security Flaw Found In Android OS

A security researcher has released a warning about a security flaw in the WebKit browser on Google's Android mobile operating system, which allows remote code execution.

The flaw, which was disclosed by researcher M J Keith of Alert Logic on Friday, affects the WebKit browser on Android 2.0.1 and 2.1. The flaw was already known to affect Apple's Safari and Ubuntu Linux.

The vulnerability was tested on Motorola Droid devices running on these versions of the system and on an emulator for 2.0-2.1.

Google have since said that the flaw was patched in the Android 2.2 Froyo update.

“We're aware of an issue in WebKit that could potentially impact only old versions of the Android browser. The issue does not affect Android 2.2 or later versions,” a Google spokesperson said in a statement to tech news site ZD Net.

Despite the reassurances, people who have yet to upgrade to Android 2.2 are still at a risk from the vulnerability.