me too!.....also, since this vulnerability appears to be related to how Hangouts manages incoming MMS messages, if we have disabled Hangouts and are instead using Verizon's "Message+" app, are we still vulnerable?
To my understanding, Google has released the patch and now it's in the hands of the device makers to recode it for their devices and then on to the ISPs to approve or require it to be recoded again.
This is the first thread I found on the issue. I am following it for the latest and greatest news on this issue. Will post new information to it when I find out more.