+1 for Derry's interpretation of the Carrier/Manufacturer relationship. Understanding that this applies to all of the carriers where they have problems with providing releases. Verizon tends to drag it's feet the most to "do proper testing."

Has anyone seen any public acknowledgement by Verizon that this problem exists?

This looks like the issue has been in play since at least April and is just now hitting the news, so I assume Google kept it under wraps until they had the patch. I've been trying to watch the forums and the news outlets, and Verizon to catch any sign of an official acknowledgement, much less a plan for resolution; by code or by a manual work-around like disabling Hangouts or blocking unknown MMS messages.

I get that coding isn't magical and instant, but this is a serious issue that may allow someone to gain a foothold on my home network (or any work networks out there that people have connected their phones to). Unless I've misread the situation, the keys to the kingdom are kind of a big deal.