In an advisory, they said the vulnerability "has the same implications as global [cross-site scripting] attack albeit from an installed application rather than another website".
Android 2.2 (Froyo) and versions 2.3.4 and 3.1 (Honeycomb) were vulnerable to the exploits.
Versions 2.3.5 (Gingerbread) and 3.2 had a fix while a release for 2.2 patches was in the pipeline.
"We would like to thank the Android security team for the efficient and quick way in which they handled this security issue," the researchers said.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.