Presumably fixes are available, since the linked talk abstract says that the vulnerability was "disclosed to Google in February 2013."
What worries me is that I've heard that many manufacturers don't have ways to update the OS on phones in the wild, preferring to require customers to root their phone or purchase a new handset to get a new OS.
Even for manufacturers that do have an easy upgrade path, I wonder how many users ever update their OS's? I don't have data, but somehow I'm not optimistic about the answer.
The other part of the problem with security updates on Android, IMO, is that they aren't typically back-ported - so if your phone can't do Android 4, you're stuck with the security flaws in 2.3 (including this new flaw) forever.
What worries me is that I've heard that many manufacturers don't have ways to update the OS on phones in the wild, preferring to require customers to root their phone or purchase a new handset to get a new OS.
Even for manufacturers that do have an easy upgrade path, I wonder how many users ever update their OS's? I don't have data, but somehow I'm not optimistic about the answer.