Also, in this case it appears that the applet runtime simply acts as vector to carry the interesting payload that actually compromises the system.
That being said, I was disappointed to learn how the applet security manager is put together, as it appears to simply trust call sites in the system framework packages. Given the size of the software, it seems likely that bugs like this will be discovered for years and years, and that every new API level will supply new bugs, unless this aspect of its evolution is strenuously reviewed.
Then again, if you just sign your applet, and socially engineer the user to run it, the security manager is turned off in any case, opening the door to further exploits just the same. If applets are to be salvaged -- and it is not clear to me anybody wants that -- then the operating system must be hardened to not allow browser to act as user's agent, i.e. with his privileges.