This is as nasty as bugs get. You can expect more changes in the white-list protocol, plugin and CSP. Save yourself some work and headache. Learn about white-listing NOW, because your going to change your plugin -- very, very soon, and you will want to up your game.
FWIW: If you do a blog post on this, let me know - I'll circulate your blog post. Also, I am not regular on this forum. You can find me on Google Groups.
A billion Android devices vulnerable to hack via Stagefright 2.0 bug
Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media.
https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media
Best of Luck
Jesse