The flaw appears to date from 2012, when version 3.6 of the Linux operating system's kernel was introduced. It has been reported that the flaw still exists in Android 4.4 (KitKat) and will be present in future versions of Android, including the latest, Nougat.
A researcher from Lookout stated that “The vulnerability allows an attacker to remotely spy on people who are using unencrypted traffic or degrade encrypted connections. While a man in the middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack.”
According to a recent Lookout blog post, patching this vulnerability requires Android devices to have their Linux kernel updated. Until the patch is released, there are some steps you can take to protect your device, such as ensuring that the websites you browse and the apps you use employ HTTPS with TLS. You can also use a VPN as an extra precaution.