The VOLD system doesn’t just handle mounting the SD card and creating /sdcard paths, but it also handles the task of mounting virtual file systems which is where the security flaw actually takes place, using a virtual file system called ASEC or Android Secure External Caches. Within the ASEC is where attackers can exploit the weakness, basically resulting in the system allowing them to manipulate the privileges of an application. Normally, most apps on an average Android device will only have read access unless the device is rooted, in which case the user can go into the files and provide read/write access to certain apps. The vulnerability allows for an attacker to slip into the VOLD and temporarily give write access to an application which is essentially a root privilege, which could allow them to manipulate the app for various potentially dangerous activities.
Thankfully with 4.4.3 Google was able to readily fix this security issue by installing a check in the VOLD that would basically prohibit redirecting the path from its designated location. Since this check never existed before attackers could pass into a path and the system never verified validity of the action, allowing the attacker to pass in without much difficulty. With the vulnerability being patched in with this newest software update any devices that will be moving forward to 4.4.3 generally won’t have to worry, but older devices could essentially still be vulnerable since the flaw has been around for quite some time. The good news for those using device who will never get the update to Android 4.4.3 is that completing such an attack requires multiple exploits, so there are limits to the attack.