When we say that this new security flaw discovered in Android is no little bug, we mean it. The bug apparently has the potential to affect any Android device that is not running the latest version of Android, which is Android 4.4 KitKat. A little research shows that about 70 percent of Android devices currently in use are running a version of Android older than 4.4 KitKat. As you can guess, this is not good by any means.
Translated to English, the vulnerability would allow a hacker to read passwords, hijack a user’s session, and scrape web pages. When Rafay Baloch first told Google about this flaw back in August, they told him that they were unable to reproduce the exploit on their end. But as soon as Rafay told the world about the flaw in a blog post, Google suddenly changed their tune and essentially got back to him with, “never mind, we can fix this”. At this point, Google has released patches for AOSP that patch the exploit right up.
If Rafay was telling the truth about the way Google treated him through the process of trying to get this exploit recognized and patched, it’s disappointing to say the least, not to mention the fact that Rafay has not and will not be receiving recognition for initially discovering the exploit. But regardless of this, we are glad to see the exploit get patched by Google.