In what way was the exploit a part of Android? I thought it was a TouchWiz dialer issue that it automatically dialled USSD numbers without secondary confirmation from the user?
No, I've confirmed that a random sample of HTC & Huawei phones around my office are also vulnerable. Nothing specific to TouchWiz. The thing that MIGHT be specific to Samsung is the actual remote wipe code, but relying on that is simply security-by-obscurity. I'd bet ALL phones have got some USSD code you'd rather not be instantly triggerable by a web page.
From what I understand, stock Android doesn't have the problem. Multiple manufacturers seem to have introduced the flaw in the same way with their customizations.
It was an issue in any Android variant that featured autodial. I saw someone reporting it worked on CyanogenMod 7, for example, and it also worked on some HTC devices.
CM7 user here. Can confirm that it is vulnerable. Easily fixed by installing a second dialer so that you'll always get a prompt.
Also, I can't find any info on whether CM7 supports USSD factory reset. Anybody aware?
Apparently the bug is fixed in 4.1 (I'm still on 4.0.4). I installed a temporary fix - TelStop. It just handles telephone Intents so that you get a popup asking you to choose an application.
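
The missing "secondary confirmation" discussed in this thread, as an added example that is not part of the original posts and is not TelStop's code: a check a dialer or intent handler could run on an incoming `tel:` URI before acting on it. The function name, return labels and sample URIs are constructed for illustration.

```python
from urllib.parse import unquote

# '*' and '#' appear in MMI/USSD-style codes, never in a plain phone number.
CODE_CHARS = set("*#")
# Visual separators commonly allowed in dial strings.
SEPARATORS = set(" -.()")


def classify_dial_request(uri: str) -> str:
    """Classify an incoming tel: URI (hypothetical helper).

    'prefill' - plain number, safe to show in the dialer
    'confirm' - contains a service code, require an explicit user tap
    'reject'  - not a usable tel: URI
    """
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "tel":
        return "reject"
    # Drop ";param=value" suffixes, then percent-decode. Any raw '#'
    # is kept: an unescaped code must not slip through as a fragment.
    number = unquote(rest.split(";", 1)[0])
    digits = "".join(c for c in number if c not in SEPARATORS)
    if not digits:
        return "reject"
    if any(c in CODE_CHARS for c in digits):
        return "confirm"
    body = digits.lstrip("+")
    if body.isascii() and body.isdigit() and digits.count("+") <= 1:
        return "prefill"
    return "reject"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("tel:+1-555-555-0100", "tel:*%2300%23", "tel:*00#",
                   "TEL:%2A%2300%23", "tel:555;ext=12", "http://example.com"):
        print(f"{sample!r:28} -> {classify_dial_request(sample)}")
```

The percent-encoded and raw forms of the same code both land on `confirm`, so escaping the `#` does not skip the prompt.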