Security researchers have discovered a vulnerability in recent builds of Android’s KeyStore, the central location where you smartphone or tablet stores and remembers passwords for you, IBM’s Security Intelligence blog is reporting.
According to the details, a hacker could use the security hole to unlock your phone, access a virtual private network (VPN) or use any app that saves your password to keep you from having to re-enter it. The vulnerability affects the 10% of Android phones worldwide running 4.3 Jelly Bean. (Earlier news reports that 86% of all Android devices were at risk were incorrect.)
Admittedly, will be difficult for hackers to actually exploit the vulnerability. The Android operating system contains a number of software protections designed to block malware and other threats by default. You're effectively protected from this threat so long as you only download apps from trusted sources, like Google Play and the Amazon App Store.
The vulnerability was also discovered on Android 4.4 KitKat, though the folks at Android have already issued a patch for it. Install any waiting updates to your device’s operating system to ensure it’s protected.
For more on keeping your smartphone out of harm’s way, check out our Android-specific guide to avoiding malware.