Like every other US carrier, Sprint has been working diligently to release a patch to the Stagefright vulnerability in Android to its lineup of phones, and today HTC One M8 owners get the fix.
The release notes for the update only list a “Patch for critical security vulnerability (‘Stagefright’)” as being included in this update, so don’t expect anything else.
Stagefright is a vulnerability spotted in Android’s default MMS behavior that makes delivering and executing code on an Android-powered smartphone as simple as delivering a rich text message. Android has the ability to fetch the contents of a message before the user even opens it (this functionality itself is called “Stagefright” in Android), and most messaging apps previously didn’t prevent this from happening because, why not? Pre-fetching contents would be ideal as it means the user doesn’t have to wait for something to download when they tap and open a message.
Unfortunately, however, it’s also an easy way for bad guys to gain control of your phone. Google’s default text messaging app on Android, Messages, as well as its Hangouts messaging app, have both received updates to solve this from happening. Other popular messaging apps have followed suite, but Google’s vulnerability patch means that more apps won’t need to do the same.
Since this is a carrier update it’s being rolled out in stages, so it could be a few days before you see it hit your device. You should receive a notification when it’s available, otherwise you can manually check by visiting Settings > About phone > System updates.