A security company standing behind the zANTI application - Zimperium, has recently discovered a new vulnerability called Stagefright. This new security flaw affects roughly 95% of all Android devices running Android 2.2 all the way to Android 5.1.1 Lollipop. And how to project yourself from it?
Stagefright is an Android media library and is now widely used - even in the newest Android versions. This means your device is probably vulnerable to this security flaw.
The vulnerability can be easily exploited by sending a special MMS from the attacker's phone. This means that basically anyone who knows your telephone number can attack your phone. What's also a dangerous sign is that an attacker can send you a message while you're asleep and freely browse and run arbitrary code on your device with you having no idea about it.
The only way to potentially protect yourself from this vulnerability till the official Android update is released is to disable auto fetching for MMS. This will stop automatically downloading MMS messages as they arrive, thus an attacker would have no way of accessing your phone.
Be sure Auto-retrieve is disabled. If you're using Hangouts or stock messaging app, ensure this option is disabled on both applications.
Source: Zimperium blog