"This fix requires no action from users and will roll out globally over the next few days," Google told All Things D in a statement on Wednesday.
Recent research conducted at Germany's University of Ulm found that up to 99% of Android handsets may be leaking users' login information when apps connect to Google's servers via unencrypted WiFi networks. The exploit potentially gives third parties access to users' calendar, contact, photo apps and more.
Most devices vulnerable to this kind of attack are those running Android version 2.3.3 and earlier.
If you're an Android user who hasn't updated (or can't update) to 2.3.4, don't connect your device to unsecured WiFi networks until you've received Google's forthcoming security patch.