Zimperium has presented us yesterday with one of the most dangerous Android vulnerabilities known to date.
Fortunately patch\diff files were also released. Kudos JDrake.
Custom ROMs should be recompiled with these fixes until proper releases from manufacturers become available.
* UPDATE 18 September *
Original Zimperium link
PoC exploit with ASLR bypass
See if you are vulnerable using original App
List of patched devices so far
* UPDATE 22 October *
Stagefright v2.0... Includes patches for I9505 (S5) and I337M (S4)