Security vulnerability is on android phone that allows malicious applications to make calls or send USSD without permissions. Curesec research team had already reported to Google Inc., last year about this bug and it is noticed in version 4.1 according to the internet sources.
While installing the application on android phone, the application should notify and need permission to make a call or blocking your sim card or some other permission from the users. Recently security researchers Marco Lux, Pedro Umbelino released a security bug which is critically vulnerable for the android mobile users according to their blog. They have also released the test code.
The researchers are also added that this security bug exist all versions of android from Jelly bean 4.1.1 to Android KitKat 4.4.2 and the bug is fixed in the latest android version 4.4.4. Hope most of mobile companies will update their android version. The researchers are also added the proof of concept to prove that the vulnerability is existed.