Neowin.net

CRN are reporting that less than one week after launch security experts at Baltimore, Maryland-based Independent Security Evaluators (ISE) have warned of a serious flaw that leaves it open for hackers to launch drive-by attacks.

Google’s Android OS has been designed especially for mobile use and is compatible with all of its most popular web-apps including Maps, Gmail, YouTube, Calendar and Google Talk. The device also comes with 3MP camera.
According to the report the flaw originates from a buffer overflow vulnerability in some of the older open source packages used of which there are 80 in total.

When a user accesses an infected webpage attackers could gain access to all personal information in the phone’s browser, leaving open the possibilities to steal passwords and, banking login details and other sensitive information.

"If you end up on a bad guys' site, he can basically take over the phone and run code, and access anything your browser has access to and do anything your browser could do," said Charlie Miller, principal analyst at Independent Security Evaluators.

Luckily so far there is no known exploit and the ISE is not releasing any further information and is working with Google to address the issue and releases a patch.

According to Charlie Miller Google were notified of the flaw 2 days prior to launch of the phone.

Google have already started working on a patch:

"We treat all security matters seriously and will carefully work with our partners to investigate and update devices periodically to reduce our users' exposure," said Google in a statement. "We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open source platform. The security and privacy of our users is of primary importance to the Android Open Source Project " we do not believe this matter will negatively impact them."