Four major security failings in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks, according to Israel-based security firm Checkpoint.
The researchers at the security firm say that the flaws—dubbed "Quadrooter"—found in the firmware which governs the chips, could allow potential attackers to "trigger privilege escalations for the purpose of gaining root access to a device" using malware which wouldn't require special permissions, allowing it to pass under suspicious users' radars.
Given the sheer ubiquity of Qualcomm in the mobile world, the exploits could affect the majority of Android devices -- Check Point estimates 900 million in total or most of the 1.4 billion active devices in use as of fall 2015. That includes many of the past and present flagship phones from companies you know, such as Google's Nexus phones, the HTC 10, LG G5 and at least some variants of Samsung's Galaxy S7. Check Point has also released an app that tells you whether or not your hardware is vulnerable.
Importantly, three of the four holes have already been fixed, with a solution for the fourth on the way. However, most users are at the mercy of their handset manufacturers if they want these patches applied. Owners of Google's Nexus devices have already had patches pushed to their phones, but other manufacturers have historically been less interested in patching flaws found in their devices after release.
According to Checkpoint—which revealed its findings over the weekend at the Defcon security conference in Las Vegas—the "vulnerabilities can give attackers complete control of devices and unrestricted access to sensitive personal and enterprise data on them."
Also, you aren’t under imminent threat given that you'd need to install an app. If you stick to Google Play downloads, you'll likely be safe.
With that said, attackers could easily prey on users who either don't know this or live in countries where unofficial app stores dominate, such as China.