A vulnerability has been discovered in all versions of the Android mobile operating system starting with version 2.2. When exploited, an attacker may gain access to the data on your mobile phone or remotely run commands without you knowing.
How am I vulnerable?
Full details have not yet been released to the public. Based on what is currently known, the attacker only needs to send an MMS message with a maliciously crafted video file to your mobile phone number. In many cases receiving the message is all that's required for this to be successful. In other cases you will have to view the message itself. In either scenario no interaction with the device is required beyond viewing the message.
How can I protect myself?
The recommended action is to disable auto-retrieval of MMS messages. This ensures your phone will not download any MMS messages until you tell it to. The phone will still be vulnerable to the attack but this ensures messages are screened before their content is delivered. IST recommends immediately deleting any MMS messages from sources you do not trust or recognize. To disable auto-retrieval of MMS messages follow these steps:
Google Hangouts as default SMS:
Open Google Hangouts
Scroll down and turn off Auto Retrieve MMS
Google Messenger as default SMS:
Open Messenger App
Go to right hand of application and select the three dots
Turn off Auto-retrieve
Other (using default messaging app):
Go to Messages App
Select Multimedia Messages
Turn OFF Auto retrieve
IST also recommends contacting your cellular provider and asking them for an update on when a software update will be available for your phone to permanently resolve this issue. Finally, consider using a third party software application or your phones built in software (if available) to automatically block MMS messages from unknown numbers.