There are a couple of problems with the Android phone in the new this evening. The first of which concerns how Android processes SMS messages.
Hmm. Why does this one ring a bell?
From oCERT:
a specific malformed SMS message can be crafted to trigger a condition that disconnects the mobile phone from the cellular network. The malformed SMS message consists of a badly formatted WAP Push message which causes an Java ArrayIndexOutOfBoundsException in the phone application (android.com.phone).
The other problem involves a denial of service problem with the Dalvik API.
A specific malicious application can be crafted so that if it is downloaded and executed by the user, it would trigger the vulnerable API function and restart the system process. The same condition could occur if a developer unintentionally places the vulnerable function in a place where the execution path leads to that function call. Triggering this bug is considered a DoS condition.
Congrats to researchers Charlie Miller, Collin Mulliner and Emmanouel Kellinis. Patches have been released by the vendor for both of these issues.