Google last week updated its Android mobile phone software, following the discovery of a potentially nasty pair of denial of service bugs.

The first of the two bugs creates a means for hackers to kick an Android phone off a mobile network and force a restart via a malformed SMS message. Dodgy text would contain a badly formatted WAP Push message that causes an exception on phones running the open source-based software, triggering a restart.

The second vulnerability involves tricking a user into downloading and running a malicious application that hooks into Android's (vulnerable) Dalvik API. This API function contains a security bug that means a system restart can be forced.

Users are advised to upgrade to Android 1.5 CBDxx, CRCxx and COCxx, as explained in an advisory by oCERT here. oCERT is an organisation that handles security disclosure for open-source projects. ®

Related stories

• Android to overtake iPhone in 2012 - analyst (9 October 2009)
• Verizon strokes Google's Android (7 October 2009)
• Google to blight smartphones with big ads (6 October 2009)
• iPhone app grabs your mobile number (30 September 2009)
• Open sourcers strike back at Google cease-and-desist (28 September 2009)
• iPhone anti-phishing protection goes AWOL (10 September 2009)
• Moles say MS to tackle iPhone, Android separately (19 August 2009)
• Black Hat Hijacking iPhones and other smart devices using SMS (31 July 2009)
• Google fixes world's most stupid bug (10 November 2008)
• Google plugs first Googlephone flaw (3 November 2008)
• Google launches security group for open source (6 May 2008)
• Google gears up for mobile security smackdown (5 March 2008)