The first vulnerability is known as a “Permission escalation vulnerability”, and allows attackers to install additional “arbitrary applications with arbitrary permissions”, without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device.
The second bug only affects the Samsung Nexus S smartphone. It lets attackers gain root access on the device, providing them with full control over the handset. Google has yet to address the security issues.