Rooting (that is, using a security flaw to gain control over an operating system) is a staple of the Android enthusiast world, but it's also used by would-be attackers... and Google just offered a textbook example of this problem. It's warning of a vulnerability in Android's Linux-based kernel that lets apps get root access, giving intruders free rein over your device. And this isn't just a theoretical exercise -- Zimperium (which discovered the Stagefright bug) says it has spotted publicly available apps that make use of the hole.
The good news? Fixes are coming quickly, at least for some users. If you're using the AOSP version of Android, you can install a patch right now. You'll have to wait if you're using other releases, but a fix is coming in Google's next monthly security update, which hits April 2nd. The main concerns are that numerous Android manufacturers don't offer those updates in a timely fashion, or stop updating devices well before their useful lifespans are over. Even if you're running Android 6.0 Marshmallow, you might be exposed for months if your hardware maker isn't on the ball.