Vulnerabilities discovered in the Stagefright media playback engine that is native to Android devices could be the mobile world s equivalent to Heartbleed. Almost all Android devices contain the security and implementation issues in question; unpatched devices are at risk to straightforward attacks against specific users that put their privacy, data and safety at risk. An attacker need only use a malicious MMS message that could trigger the vulnerability without user interaction, and delete the message before the victim is aware. The flaws have been in Android since and including version 2.2; devices running Android versions older than Jelly Bean are at greater risk.
Source: https://threatpost.com/android-stagefright-flaws-put-950-million-devices-at-risk/113960/