IBM researchers found a bug in the Android KeyStore that could allow attackers to steal phone lock credentials. The vulnerability affects 86.4 percent of Android users without KitKat, which is now available. IBM researchers discovered the problem nine months ago, but waited until the Android Security Team came up with a patch for KitKat. The security flaw is what the researchers call a “classic stack-based buffer overflow,” and it could allow hackers to steal bank details and other data on the phone. To actually carry out an attack, hackers would have to overcome Android’s software protections.”]
Source: https://gizmodo.com/serious-security-threat-lurks-on-86-percent-of-android-1597913405