Google already has a patch out for it's most recent vulnerability, but most phone-makers are lagging behind pushing the update out. This leaves plenty of people still vulnerable.
Woohoo! So I’m safe? Nope. The problem isn’t fixed. What? Huh? Why? That’s because Google’s Android ecosystem relies on its partnering phone-makers to push out software upgrades. That means Samsung, HTC, LG, Lenovo, Motorola, Sony, among others, are responsible for delivering the patches to customers.