Security Flaw Discovered in Android's Browser

By Aaron Heibert, published on October 27, 2008 at 5:20 PM
Source: Tom's Guide | Themes: Smartphones, 3GSM

Independent Security Evaluators claim they have discovered a flaw in the Android browser that opens the device up to attacks. Not to worry, however: mobile device attacks are still pretty uncommon, and fixing the issue is a top priority.

Android, Google’s open-source system that runs on HTC’s G1, is based on outdated open-source components, according to researchers. The vulnerability was previously known and has already been addressed and solved; however, Google didn’t incorporate the fix into Android.

With G1s already on sale and the source code published, other manufacturers are expected to release Android-based phones in the near future. Motorola is one of the manufacturers on board. As with the new release of any software, bugs and oversights are inevitable; we all know things aren’t perfect the first time around. Because Android is open-source based, it is going to get a lot of attention from the open-source community. This also means we could see a lot of potential ‘issues’ being found over time, as there will be more eyes on the code, unlike with other manufacturers that keep their code guarded.

Independent Security Evaluators (ISE) is remaining tight-lipped about the details of the vulnerability while it waits for Google to fix it. What it has said is that Android users who visit ‘malicious websites’ may have information stolen from their device. Things such as saved passwords are at high risk.

ISE has mentioned that the nature of the vulnerability and the design architecture of the device do not allow for someone to take control of device functions such as the dialer, so there is no need to worry about attacks involving device control.

Google said it is currently working on a solution to the problem in a recent statement:

We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open-source platform. The security and privacy of our users is of primary importance to the Android Open Source Project – we do not believe this matter will negatively impact them.

For the record, ISE informed Google of the problem on October 20, so a fix should be just about ready to roll out.
