Android owners have a new version of Stagefright to worry about.
Using malicious MP3 or MP4 files, hackers can gain access to the Stagefright media playback engine to take over a person’s Android device. Even simply previewing the malicious audio or video file will activate the bug.
On Thursday, Zimperium Labs, the same firm that discovered the original Stagefright bug, disclosed the new vulnerability.
The firm estimates that between 950 million and 1.4 billion users are vulnerable to the bug since almost every Android phone shares the same media preview feature.
Google told Motherboard that Nexus devices will receive an update to protect them against the bug on October 5, the same day that Android Marshmallow is slated to arrive. The company also told the website that it’s working with other Android OEMs, including Samsung and HTC, to secure non-Nexus devices against the bug as soon as possible. Many of those OEMs cooperated with carriers to deliver Stagefright updates back in August and September, but it’s unclear whether they will update this new exploit with the same diligence.