Well that's bad news: The Register is reporting that it's possible to send a malicious MMS to Windows Mobile phones (at least Pocket PC 2003 and Smartphone 2003 phones) that could possibly infect them with malicious code. More likely it would just crash the phone (thank god for small favors), though, as it's apparently wicked-tough to implement.
All in all, we've had a remarkably long honeymoon when it comes to security on mobile devices. Hopefully it's not over yet.
Security researchers have released proof-of-concept code that exploits vulnerabilities in MMS implementations in mobile phones running mobile versions of Windows.
[...]Even in devices confirmed as vulnerable the attacker needs to know the correct memory slot where the MMS processing code is executing, so exploitation is far from easy. Malicious MMS message will most likely only crash a device rather than infecting it, reports anti-virus firm F-Secure.