Few days ago came a big vulnerability in Stagefright was announced by Zimperium, who stated that most Android phones could be remotely hacked by a malicious MMS. Around 50% of devices just need to receive it and the rest need to open the message.
Update: Full details on Zimperium blog!
@jduck has a great video demonstration on how easy it is to exploit the vulnerability in Stagefright!
Google has patched this vulnerability and will be rolling out updates to Nexus devices soon, however most devices will not be receiving this update since they have long being abandoned by their respective OEMs.
But there is a simple way to protect ourselves until the vulnerability is patched is to simply disable Auto downloading of MMS messages.
Delete any MMS from an unknown source without downloading it.
As mentioned above Google has updated Android 5.1.1 with the fix without actually increasing the version number. Samsung is also rolling out patches for some of their devices.
Zimperium has launched an app in Google Play Store which detects any vulnerabilities in Stagefright.