The problem appears to lie in one of the files /system/lib/libstagefright*
NPR is saying that Google Hangouts makes the problem worse:
The messaging app Hangouts instantly processes videos, to keep them ready in the phone's gallery... this setup invites the malware right in. If you're using the phone's default messaging app, he explains, it's "a tiny bit less dangerous." You would have to view the text message before it processes the attachment. But, to be clear, "it does not require in either case for the targeted user to have to play back the media at all," Drake says.
It would appear prudent to uninstall Google Hangouts. If you can disable MMS with your carrier, do so; otherwise, do not look at text messages from originators that you do not know - delete the conversations.
Carriers are unlikely to patch (look at SamsungIME.apk if you think OEMs or carriers will lift a finger to help us).
Root your phone, and await a new set of /system/lib/libstagefright* files - CyanogenMod will likely provide KitKat copies if they ever shirk their laziness long enough to deliver the final promised KitKat milestone.