According to a second report published today, this particular flaw can actually allow a malicious app to "breakout" of a secure sandbox and take control of some Android functions. The report added that the flaw could cause certain apps to take over the camera, microphone, GPS location and personal data. The flaw was reportedly introduced to Linux kernel 3.8 in early 2013.
Google responded this afternoon by saying that its own researchers do not believe that Android devices are vulnerable to exploits by third party apps. The company added that the number of Android devices that are at risk is "significantly smaller than initially reported." Despite Google's unworried response to the initial report, it still plans to issue a patch in March.
source: PerceptionPoint via ArsTechnica