Update: We have confirmation that this exploit is also fixed in Jelly Bean, as well, so any device running Android 4.1 should be safe.
Auto-executing USSD codes is an Android bug that was fixed in Jelly Bean, see last 3 commit: android.googlesource.com/platform/packa…
— Nagy Ferenc László (@nflnfl) September 25, 2012
There has been a lot of misinformation floating around this morning about an alleged "exploit" on Samsung phones that allows the entire device to be wiped from the browser using what's called a USSD code. Basically, a bit of Android intent code cleverly placed in a web page can call up your dialer and insert a code that wipes the whole device (the USSD code), all without you ever confirming anything.