Dangerous Android exploit could turn over complete control of an Android handset to a hacker
Unlike other exploits that require multiple vulnerabilities to execute, this new security issue can be unleashed in "one shot." In addition, all Android handsets are threatened, even those running the latest version of Google's open source OS. A hacker could, in theory, get an Android user to open a malicious website on his/her handset, which would eventually allow the hacker to control all aspects of the phone. Obviously, this would allow the hacker to learn all of the private information that the phone owner has stored on his/her device. That could include account numbers, passwords, and other financial information.
At the conference, the bug was demonstrated to those in attendance on a Nexus 6 running on Google's Project Fi hybrid MVNO service. A Google security expert was at the conference and received the exploit. Since the exploit isn't out in the public, and Google knows about it, we should see a security patch sent out via an OTA update in the not too distant future.
The bug was discovered by Quihoo 360 researcher Guang Gong, who presented it at PacSec. It took him three months to develop the exploit.
source: TheRegister via SlashGear