A recently discovered significant data exploit in Android might only be patched for a handful of devices. The attack found by Thomas Cannon uses a malicious website to deliver a payload to the user's SD card slot and can use JavaScript to automatically access and possibly forward information along from locally stored files. Although it needs to know the file name, Android's file structure could let it reach whole photo libraries, system files and apps.