>>
http://tinyurl.com/ofv74qu>>
>>A billion Android phones are vulnerable to new Stagefright bugs...
>
>2.0 seems to require user intervention - visiting an infected web site, playing a malicious MP3/MP4 etc.
>
>That's really no different from PCs. Adobe Flash has been so buggy for so long that anyone still using it is risking their machine. Java is basically the same. I'm sure bad guys and government actors have zero-days for those two platforms and probably many others.
I know you know, but it should be clearly stated that the browser plugins are the main danger, not the sometimes used runtimes for desktop apps.
And since websites can be hacked/MIM-redirected. User is not totally out of the loop as in receiving a message with stagefright 1, but not always able to discern caoered sites.