Java 2 Micro Edition Vulnerabilities
First time I’ve seen a security advisory for a phone…
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Adam Gowdiak has reported two vulnerabilities in Java 2 Micro Edition (J2ME), which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to insufficient validation of bytecodes in the bytecode verifier component of KVM (Kilobyte Virtual Machine). This can be exploited to escape the KVM sandbox and execute arbitrary code on the mobile device.
The vulnerabilities have been reported on a Nokia DCT4 phone. Other devices may also be affected.
Solution: Do not run untrusted Java applications.
