Z
ZeroDay
Thread author
Google’s Android may be in the news for all the right reasons at the moment, but just a few days ago, security vendor Bluebox Security announced that it had discovered a way that malicious code could be injected into otherwise entirely legitimate Android applications. Now, it would appear, this issue is more than just a theory after security firm Symantec announced in a blog post that it had discovered two apps that had fallen foul of the exploit, named Master Key exploit.
The two apps currently reside in a Chinese Android app store, and both are apps that are used to find medical appointments in the area. Unfortunately, it would seem that both have fallen victim to the recently discovered ‘Master Key’ security hole that Bluebox told us about not that long ago.
Source
I thought I read somewhere that Google had patched this vulnerability, well judging from this they haven't done a very good job.