Android manufacturers and wireless carriers are doing damage control with the first fixes for the Stagefright bug.
Stagefright allows the execution of potentially malicious code through a multimedia message, such as images or video sent via SMS. (Video via ZIMPERIUM)
It straight-up admits Stagefright was the catalyst and acknowledges the "importance of time sensitivity in addressing major vulnerabilities."
In other words, Stagefright was scary enough — and hyped in public consciousness enough — to trigger something of a sea change.
Android Security Head Adrian Ludwig told The Verge, "The OEMs are now really understanding and the ecosystem is really understanding how to react more quickly, because we all see that it's necessary."
Researchers say anything running 2.2 or later is vulnerable, which is just about every Android device according to recent polls. Pre-Jelly Bean phones — on Android 2.2 to version 4.0.4 — are at special risk thanks to "inadequate exploit mitigations."
And despite new patch efforts from OEMs and carriers, there are a lot of different handsets to protect.
OpenSignal keeps charts of just how many distinct devices and Android OS versions it encounters. It's not clear if Stagefright countermeasures will make it through the whole ecosystem.