“Google has found a fix for a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into Trojan malware.”

It’s up to the carriers (ATT,Verizon, etc.) to push the patch to their users.

 

Link