The recently patched Android exploit was included in a earlier version released earlier this week but this newly released incremental build nixes yet another recently uncovered master key APK vulnerability (bug 9695860). Users are urged to upgrade as soon as possible mitigate any security risk (which should be minor unless you’re in the habit of installing shady apps).
The 10.1.2 initial release includes only this fix for around a few dozen devices at the moment but all supported handsets (over 50 devices) will receive an upgrade notification in the coming hours/days (depending on the maintainers).
Developers building CyanogenMod for unofficially supported devices will however have to sync their sources with the latest CM changes and recompile a new ROM.
The CyanogenMod team & Google (via AOSP) were quick to patch the vulnerability. It’s now up to manufacturers to do the rest but those using CyanogenMod should be immune!
Some of you may have noticed some details emerging yesterday about a new apk-level issue in Android (bug 9695860) . Google has already released a patch for it, so 10.1.2 is a minor upgrade on top of 10.1.1 to add that change.
Even though it’s minor, all users running 10.1.0.x or 10.1.1 are advised to upgrade. Stay safe!
Users with support handsets can grab the bits from the get.cm website.