Another major flaw has been found in Android affecting all devices with Android 4.3 and earlier.  Google has stated they will not fix the issue in Webkit leaving an estimated 960+ million devices to be at risk.  Google recommends that developers write their own viewers to cover this flaw. But like any security issue, it can often be a crafted attack that goes after this issue.

Certainly brings a great degree of concern for considering Android as a platform for a new device.  Especially since updates in general are hard to come by, it requires each Google and the Vendor who made the device to work to provide the update, which rarely happens.

This is not the first issue like this found in Android, but it provides a better understanding for customers about their choices. Especially when so many phones and tablets still only have Android 4.3 – JellyBean

Google’s response:
https://plus.google.com/+AdrianLudwig/posts/1md7ruEwBLF

Rapid7’s report of the issue to Google:
https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior