Just for context: almost every update fixes multiple code execution vulnerabilities in WebKit, and browsers are usually much easier and more reliable to exploit than most things due to the JavaScript VM. This bug is arguably more scary than those because it only requires the ability to send someone an image, not an HTML page, but then again, it's not generally hard to get someone to click on your link (think fake URL shortener), and while perhaps this bug is powerful enough to be exploited reliably (100% success/non-crash rate across all unpatched Apple OSes that might receive the message), if it isn't, that would make it considerably less stealthy in practice. (On a webpage you can see the target device and version before even starting the attack.) I don't think it's really worth freaking out much over, unless you're new to the realization that most modern Internet-connected devices are hellishly insecure. :) Though of course you should patch as soon as possible; critically, unlike with Stagefright, all modern iOS devices can, and will be prompted to, install the update.