“If that sounds terrifying, well, it kind of is. And then it gets worse. The exploit isn’t like a virus-laden e-mail attachment; you don’t actually have to try to view the media in order to be affected. Merely looking at the message in some apps is enough.
And then there are the apps where you don’t even have to open the message: for folks who use Google Hangouts to read their texts, Hangouts would open and access the exploit code “immediately before you even look at your phone… before you even get the notification,” Drake told Forbes, adding that it’s possible then to delete the message before the user even receives an alert, making the attack completely silent.
[ . . . ] Google has verified and corrected seven security holes. But [ . . . ] Google doesn’t update Android phones directly. Service providers do. So Verizon, Sprint, T-Mobile, AT&T, and other, smaller carriers all have to push patches to their own Android customers… and they are not known for doing so quickly.
Read the whole article at consumerist.com