Stagefright is a novel attack that allows remote code execution on the vast majority of devices running Android. Whereas the details of the vulnerability will be publicly released on August 5th, the general idea behind the attack (which was released just two hours ago) is to compromize the multimidia library that parses and displays MMS media.
Since the attack looks terribly effective, it is a good idea to mitigate it by disabling MMSes, until a fix is released (provided, of couse, that you don’t use MMSes).
To do that, open the “Settings” menu (here, on Android 5.1, the look of your menu might be different)
Select “Cellular Networks”
Select “Access Point Names”
Select your access point. It should look something like this.
Now remove “mms” from “APN Type”.
I’ve also cleared out “MMSC” for good measure (optional)
Your new settings will take effect after you reboot the phone, or put it in airplane mode for a few seconds.
Note that Android converts group SMSes to MMSes, so you might want to disable that too. To do that, go to the Messaging app, open the Settings menu, and disable Group Messaging and Auto-Retrieve.