Google fixes SMS crashing bug in mobile OS
Google last week updated its Android mobile phone software, following the discovery of a potentially nasty pair of denial of service bugs.
The first of the two bugs creates a means for hackers to kick an Android phone off a mobile network and force a restart via a malformed SMS message. Dodgy text would contain a badly formatted WAP Push message that causes an exception on phones running the open source-based software, triggering a restart.
The second vulnerability involves tricking a user into downloading and running a malicious application that hooks into Android's (vulnerable) Dalvik API. This API function contains a security bug that means a system restart can be forced.
Users are advised to upgrade to Android 1.5 CBDxx, CRCxx and COCxx, as explained in an advisory by oCERT here . oCERT is an organisation that handles security disclosure for open-source projects. ®