Nexus devices – Google Play editions and Motorola phones are all getting the KitKat 4.4.3 update. Android developers have been working tirelessly on the bringing various security fixes. Android 4.4.3 has come with variety of improvements and bug fixes. The Funky Android website has published the whole changelog between versions 4.4.2 to 4.4.
There are two main security bugs that are majorly fixed in latest version of KitKat:
The first vulnerability is quite obvious, if an existing file path is requested by a new app, it could be granted permission to existing app data. The user will have full access to it, allowing him to write new files inside. This might corrupt the data of an older app or even cause privacy or security leak. For technical details check Cassidian Cyber Security.
This vulnerability is patched in Android 4.4.3 by introducing new functions. This was one of the old local root vulnerability.
The second vulnerability is a tethered root method, the device grant temporary root privileges to users by using ADB when connected to computer or other device, even when the device itself is not rooted. When the device USB connection is severed, the root access of the device is revoked. This vulnerability can be exploited to tinker with device without triggering the flash counter or voiding their warranty via the tamper flag. The security issue is fixed in the latest version.
Google has fixed a lots of old local root vulnerability. Android is becoming more and more secure as Google introduces modern security mechanisms, but it needs more security audits. Latest version of Android is far better than all other previous versions, as far as security is concern.