NPR on the Android messaging vulnerability:
In this attack, the target would not need to goof up — open an attachment or download a file that’s corrupt. The malicious code would take over instantly, the moment you receive a text message.
“This happens even before the sound that you’ve received a message has even occurred,” says Joshua Drake, security researcher with Zimperium and co-author of Android Hacker’s Handbook. “That’s what makes it so dangerous. [It] could be absolutely silent. You may not even see anything.”
So, just don’t get any text messages and you’re good.
I haven’t heard anyone talk about open software’s inherent security advantage in a while. That was always a good one.