Do you remember that old vulnerability in Android 2.2 that allowed an attacker to grab data off an SD card, provided they knew the absolute path of a file and were able to get a user to visit a specially crafted site? Well, Google specifically stated they would fix the issue in 2.3 Gingerbread. It would seem that they did indeed patch something in a hotfix – but the issue cropped up again. Xuxian Jiang, an assistant professor in the Department of Computer Science at North Carolina State University has confirmed with Google’s Security team that a related vulnerability still exists in the “shipping” branch of Gingerbread. This means that the fabled Nexus S is being boxed, bought and used with a very exploitable security hole. Fortunately, the team says they are unaware of any active exploitation of this in the wild.