Joseph Menn, reporting for Reuters:

The change came after security researcher Joshua Drake unveiled what he called Stagefright, hacking software that allows attackers to send a special multimedia message to an Android phone and access sensitive content even if the message is unopened. […]

Ludwig said improvements to recent versions of Android would limit an attack’s effectiveness in more than nine out of 10 phones, but Drake said an attacker could keep trying until the gambit worked. Drake said he would release code for the attack by Aug. 24, putting pressure on manufacturers to get their patches out before then.

Nexus phones are being updated with protection this week and the vast majority of major Android handset makers are following suit, Ludwig said.

Samsung Vice President Rick Segal acknowledged that his company could not force the telecommunications carriers that buy its devices in bulk to install the fixes and that some might do so only for higher-end users.

“If it’s your business customers, you’ll push it,” Segal said in an interview. Samsung is the largest maker of Android phones.