Google has moved quickly to send out a fix for a newly discovered vulnerability that has left as many as 99% of Android handsets vulnerable to malware.
The hole was spotted last week by Bluebox Security, and applies to devices all the way back to Android 1.6 – as many as 900 million handsets.
According to ZDNet, however, Google has already sent out a patch to Android OEMs, with Android communications manager Gina Scigliano revealing that “some OEMs, like Samsung, are already shipping the fix to the Android devices”.
The Master Key vulnerability gives hackers the potential to bypass the cryptographic signature which verifies that the content of apps being installed is legitimate and hasn't been tampered with.
It means that, in theory, any app can be turned into malware without Android picking up that anything is amiss.
That's only in theory, though – and Scigliano emphasises there's no evidence the vulnerability has actually been exploited.
“We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools,” Scigliano says.
“Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”
That should hopefully be that, then – look out for the patch arriving over the coming days and weeks, depending on your Android manufacturer.