Google is implementing a patch to fix a “ClientLogin” vulnerability that could enable cyber criminals to view or edit contact info on Android smartphones not running version 2.3.4 (Gingerbread).
“Today we’re starting to roll out a [server-side] fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts,” Google confirmed in an official statement.
”This fix requires no action from users and will roll out globally over the next few days.”
Earlier, Sophos security researcher Graham Cluley had expressed concern that Android’s fragmented ecosystem would prevent Google from rolling out a timely patch.
“There is a huge range of Android smartphones out there, and whereas Apple can issue a single iOS update to patch iPhones and iPads, things aren’t so simple for Google’s users.
“This fragmentation inevitably leaves Android devices open to security problems.”
Fortunately, despite the various issues associated with Android fragmentation, Google is moving quickly to patch the vulnerability across all affected versions of its popular mobile OS.