AT&T has been rolling out an update for the HTC One M9 and M8 to patch the cracked door in Android's media playback engine, Stagefright.
The update is being pushed out over the air, so some people will have to wait just a bit to install it. Those wishing to address this critical vulnerability as soon as possible can manually check for the update.
To search out the update, select the "Settings" option from the Notifications bar and then select the "About Phone" option from the General section. From there, just tap "Update" to look for a patch that's been described as weighing about 28 MB to 55 MB.
AT&T is requiring M8 and M9 users to download the update via Wi-Fi and recommends that their handsets have at least half of a charge.
"Although there should be no impacts to settings or data, we recommend that you back up your media files to an SD card, a PC, or using a favorite application (from the Play Store), prior to upgrading the software," says AT&T.
As for the contents of the update, AT&T merely states that it brings "device security improvements." Android Central reports that the update includes a fix for Stagefright, an issue vendors and manufacturers have avoided talking about until their customers have had enough time to install a patch for the vulnerability -- don't wanna tip off hackers.
Security firm Zimperium discovered the Stagefright vulnerability a few months back. The firm learned that all a hacker needed was a target's phone number to attack the vulnerable media engine.
"A fully weaponized successful attack could even delete the message before you see it. You will only see the notification," said Zimperium. "These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."
An estimated 950 million Android mobile devices were vulnerable to attack via Stagefright. Zimperium gave Google a heads up and members of the Open Handset Alliance quietly began working with the pair to resolve the problem. The security firm also released an app, which allows users to find out if their devices are vulnerable to the Stagefright exploit.