Stagefright - Single Message to Hack Android Device

Here is another critical and serious security vulnerability found on the popular Google mobile operating system "Android". The vulnerability resides  in the Stagefright media playback engine that is native to Android devices, which puts 95% of Android devices running version 2.2 to 5.1 under threats.

Researcher of security firm Zimperium discovered the Stagefright vulnerability and mentioned that it is the worst Android flaw in the mobile OS history, and confirmed that they will reveal more details at the next BlackHat or DEFCON in Las Vegas this year.

Researcher Joshua Drake, vice president of platform research and exploitation at Zimperium zLabs, said exploits could be particularly insidious given the fact that an attacker need only use a malicious MMS message that could trigger the vulnerability without user interaction, and delete the message
before the victim is aware. This is most nasty attack vector - said researcher.
Heartbleed for Android Mobile World

Joshua Drake from Zimperium discovered seven critical vulnerabilities in the native media playback engine called Stagefright, the expert defined the Stagefright flaw the “Mother of all Android Vulnerabilities.”
Once the attackers have successfully exploited the vulnerability, they would be able to write code to the mobile device and steal user data, including audio or media files or photographs stored in the SD cards. The attackers can remotely control the device, accessing audio from microphone, reading emails, and exfiltrating sensitive data.
Google has patched internal code branches (vulnerability), but devices require over-the-air updates. However, most manufacturers haven’t already distributed the patch to their customers exposing them to cyber attack.