Palo Alto Networks states it discovered the leak in January 2014 already. The company has been working with Google and Samsung to release patches for Android and for Android versions shipped by phone manufacturers.
Therefore newer Android versions are not vulnerable. Unfortunately many older devices are no longer supported by phone manufacturers and don’t receive updates anymore, leaving them vulnerable. Palo Alto has released an app which allow users to check whether their device is vulnerable.