vulnerable to whom? in whom can we really and honestly trust?
as it is reported, all Android powered devices are OPEN to the world without the patch.
can we really complain about a 'fix' that 'takes root and/or superuser privileges' in order to close the security flaw?
which is the lesser evil, 'devious gov's, individuals, institutions, mobile phone carriers' placing malware on your device via this flaw or 'some basic trust' in a well meaning security group, that yes could be hacked themselves to produce a product or backdor?
bit like your front door lock being broken. do you:
a) close the door hoping no-one will try and get in?
b) trust that the person who replaced the lock didn't sell a spare key to one of his mates?